Organizational Security:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
=='''Organizational Security'''==
==Organizational Security==
<br>
ISO 27002 (17799) defines Security Policy objectives to provide management direction and support for information security. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br>
ISO 17799 defines Security Policy objectives to provide management direction and support for information security. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br>
<br>
<br>
:1. [[Sample Information Security Program Charter:|'''Sample ISO Information Security Program Charter''']]<br>
:1. [[Sample Information Security Program Charter:|'''Sample ISO Information Security Program Charter''']]<br>
:The Information Security Program Charter is required to comply with ISO Security Policy objectives and serves as the capstone document for the Information Security Program that empowers the Program to manage Information Security-related business risks.<br>
:The Information Security Program Charter is required to comply with ISO Security Policy objectives and serves as the capstone document for the Information Security Program that empowers the Program to manage Information Security-related business risks.<br>
<br>
<br>
 
:2. [[Sample Information Handling Standard:|'''Sample ISO Information Handling Standard''']]<br>
 
:This Information Handling Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific instructions and requirements for handling information assets. These instructions address handling requirements for printed, electronically stored and electronically transmitted information.<br>
[[Sample Information Handling Standard:|'''Sample Information Handling Standard''']]
<br>
 
:3. [[Sample Remote Access Standard:|'''Sample Remote Access Standard''']]<br>
[[Sample Remote Access Standard:|'''Sample Remote Access Standard''']]
:The Remote Access Standard for information assets will be provided only to meet an approved business need or perform prescribed job responsibilities to comply with ISO Organizational Security requirements. Remote access must be facilitated by using Company-approved methods and programs.<br>
<br>

Latest revision as of 12:40, 15 June 2007

Organizational Security

ISO 27002 (17799) defines Security Policy objectives to provide management direction and support for information security. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with ISO Security Policy objectives.

1. Sample ISO Information Security Program Charter
The Information Security Program Charter is required to comply with ISO Security Policy objectives and serves as the capstone document for the Information Security Program that empowers the Program to manage Information Security-related business risks.


2. Sample ISO Information Handling Standard
This Information Handling Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific instructions and requirements for handling information assets. These instructions address handling requirements for printed, electronically stored and electronically transmitted information.


3. Sample Remote Access Standard
The Remote Access Standard for information assets will be provided only to meet an approved business need or perform prescribed job responsibilities to comply with ISO Organizational Security requirements. Remote access must be facilitated by using Company-approved methods and programs.