Personnel Security

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 17:25, 25 July 2006 by Mdpeters

ISO 17799 defines Personnel Security objectives to reduce risks of human error, theft, fraud, or misuse of facilities; ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work; and minimize the damage from security incidents and malfunctions and learn from such incidents. This section provides templates for Information Security standards that are required to comply with ISO Personnel Security objectives and support the objectives established in the Acceptable Use Policy, Security Awareness Policy, and Threat Assessment and Monitoring Policy.

1. Sample ISO Internet Acceptable Use Standard
The Internet Acceptable Use Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Acceptable Use Policy by providing specific instructions and requirements on the proper and appropriate business use of Internet resources.


2. Sample ISO Electronic Mail Acceptable Use Standard
The Electronic Mail Acceptable Use Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Acceptable Use Policy by providing specific instructions and requirements on the proper and appropriate business use of electronic mail resources.


3. Sample ISO Telecommunications Acceptable Use Standard
The Telecommunications Acceptable Use Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Acceptable Use Policy by providing specific instructions and requirements on the proper and appropriate business use of telecommunications resources.


4. Sample ISO Software Acceptable Use Standard
The Software Acceptable Use Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Acceptable Use Policy by providing specific instructions and requirements on the proper and appropriate business use of Company software.


5. Sample ISO Misuse Reporting Standard
The Misuse Reporting Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Acceptable Use Policy by providing specific instructions and requirements for reporting misuse of electronic communications systems and violations of the Acceptable Use Policy and its associated standards.


6. Sample ISO Management Security Awareness Standard
The Management Security Awareness Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Security Awareness Policy by providing specific instructions and requirements on security awareness education and training for the management team.


7. Sample ISO New Hire Security Awareness Standard
The New Hire Security Awareness Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Security Awareness Policy by providing specific instructions and requirements on security awareness education and training for newly hired employees.


8. Sample ISO Third Party Security Awareness Standard
The Third Party Security Awareness Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Security Awareness Policy by providing specific instructions and requirements on security awareness education and training for third-party personnel.


9. Sample ISO Ongoing Security Awareness Standard
The Ongoing Security Awareness Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Security Awareness Policy by providing specific instructions and requirements on ongoing security awareness education and training for employees.


10. Sample ISO Security Awareness Accessibility Standard
The Security Awareness Accessibility Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Security Awareness Policy by providing specific instructions and requirements for ensuring appropriate access to the Information Security Program Charter and associated policies and standards.


11. Sample ISO Incident Response Standard
The Incident Response Standard is required to comply with ISO Personnel Security objectives and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for developing and exercising formal plans, and associated metrics, for responding to security incidents and intrusions.