Incident Response Policies and Procedures

This is not an exhaustive list, but we can point out the major policies that will help you get started. For easy reading we have cut the details; here is the checklist:

AUP - Acceptable Use Policy (or Fair Use Policy): defines the permitted uses of, and restrictions on, the organisation's IT resources

Privacy

Version control

Communications

Reporting 

Backup


Basic contents of a policy:

State management's commitment

Why the policy is made and what its goals are

Where the policy applies, and the exceptions

Likely security incidents

Glossary of information security terms, precisely defining their meaning

Clearly state the who, how and why of incident reporting, so that whenever a breach is detected, minimum time is wasted in communication

A chart or organised scale to classify the sensitivity of any such incident

Clear demarcation of roles and responsibilities, along with ethical practices

--------------

CSIRT Policies and Standards

Policies are documented principles adopted by the management team. The policies of an organization should be clearly understood by the entire workforce, and knowledge of the incident response policy will allow the CSIRT to act on its responsibilities.

i) Incident Response Policy

Building an incident response policy involves several objectives.

First, an Incident Response Policy cannot be enforced unless it has management approval. Endorsement by management is critical. Without this approval the team will be destined to encounter business roadblocks that will hinder a timely incident response. In some cases, it may not even be allowed to act.

Second, the policy must be clear. Any employee should be able to easily understand what the policy is about. If a non-technology-oriented employee is confused by the policy, then the policy should be rewritten.

Third, the policy must be to the point. A long-winded policy will either be a bad policy or one that includes sections that should be in a procedure document instead.

Fourth, the policy must be usable and implementable. Avoid statements that sound appropriate but will be open to interpretation. At the same time, the policy should not include objectives that the CSIRT will not be able to execute due to business processes or corporate culture.

Once the policy has been created, it is important to make regular checks against its effect on the workforce. When changes occur in the business direction or new technology systems are implemented, update the policy to match the new processes.

ii) Incident Response Standards and Procedures


A successful CSIRT is a team that has documented standards and procedures. Standards should range from how the CSIRT will begin its investigations and report its findings, to how the CSIRT will be trained and what authority its members will be granted.

A good standard will define when the CSIRT will contain and clean up incidents, and when the team will instead watch and gather information for litigation.

Having good recovery procedures is essential. It is very rare to find a CSIRT member who has mastered every operating system and application in your environment. Having procedures to follow on how to correctly take down and restore a system can help prevent time-consuming efforts and alleviate some of the stress of the incident.

These written procedures will aid the CSIRT in formalizing how investigations are carried out, how evidence is handled, which organizations are notified at what times, how post-mortem reporting is conducted, how malicious software is to be eradicated and how to perform a recovery of an information system.

iii) Code of Conduct

The code of conduct policy for the CSIRT is a set of rules outlining how a team member will behave in a way that supports the goals of the incident response team and the mission statement of the company. The code of conduct will be used when no other policy or procedure applies. It should reflect the natural behavior of a professional incident handler. An example of a CSIRT code of conduct policy was written by the original manager of the CERT, Rich Pethia.

-----------

Policy resources:

http://www.comptechdoc.org/independent/security/policies/security-policies.html

Other policies to consider: password policy, remote access, internet connection, approved applications, BYOD policy.

Note:

Try to make a crisp, precise notebook or digital copy with images and videos for quick and fun interactive sessions. Try to remove all the thick policy manuals that most people won't read. Our main aim is

Reference:

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
