Wednesday, September 4, 2019
As the policy pyramid shows, the best security begins with upper management creating an actual policy or mandate to implement security. The policy should be based on industry standards and regulations such as ISO 17799 and HIPAA. Procedures, practices and guidelines form the basis for all security technology. Products such as ESM measure policy compliance with policies and modules for operating applications, systems and databases. These then interact with the actual computer environment.

The components of an effective information security policy:

• Security accountability: Stipulate the security roles and responsibilities of general users, key staff, and management. Establishing accountability within these three staff categories helps your organization understand and manage expectations, and provides a foundation for enforcing all other ancillary policies and procedures. This section should also define various classes of data, such as inner, basic and external, and confidential. By classifying the data, you can then stipulate which types of employees are accountable for, and able to modify or distribute, certain classes of information. For example, you may send out memos that say, "No confidential data may be circulated outside the business without management sign-off."

• Group service plans: Create policies for secure remote access, IP address administration and router, switch and configuration security procedures, and access control list (ACL) stipulations. Indicate which key staff must review which change procedures before they can be implemented. For example, your security staff should review all recommended ACL modifications before your network administrators implement the changes. Define your r... ...n making options about method configuration and employ. This method will help you create specific security goals along with a plan to tackle them.
Before you can manage security, you need a way to measure its effectiveness. Your corporate security plan provides the baseline standards against which to measure compliance. There is no need to start from scratch. Instead of analyzing each and every risk, take a look at what others are doing. Meet standards of due care by using existing standards and industry "best practices". Focus on regulations and requirements from industry, partners and government. Some small companies tend to define security policy from the bottom up, beginning with the capabilities of the equipment at hand. Medium and large businesses know that sound security policies begin at the top and work down.