Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)


5.4  Policy and Procedures

Security policy (or collection of policies) can be regarded as the strategy and practices concerning confidentiality, integrity and availability of data [426]. A policy or set of policies cannot be created or purchased until the company philosophy has been clearly defined.

Policies define what is to be protected. Once policies are defined, procedures are created to ensure that the policies decided upon are implemented. Procedures determine how that protection happens. Procedures should also be in place to give step-by-step instructions for abnormal events. Just as virtually every public place has an EXIT sign as a guide in the event of an emergency, a procedure should be written in a step-by-step manner for “what to do & how to do it” in the event of negative occurrences.

This work continues with some brief thoughts. All readers are strongly advised to refer to RFC 2196 [427]. Readers of this document who work in, or are considering employment in, the computer industry should consider careful study of RFC 2196 mandatory.

When developing policies and procedures, it’s useful to have some familiarity with the current laws related to computer and network security and data privacy. An overview of key US Federal privacy laws as of 2002 can be found in Protect Your Digital Privacy: Survival Skills for the Information Age [428] by Cady and McGregor. There are more such laws than you might think, and they are worth a look, though since Security+ is not a US-specific exam, exactly which laws apply in the US is outside the scope of the exam.




 __________________

426. http://online.securityfocus.com/infocus/1193

427. http://www.faqs.org/rfcs/rfc2196.html

428. Cady, Glee Harrah and Pat McGregor, Protect Your Digital Privacy: Survival Skills for the Information Age, Que, December, 2001, http://www.nerdbooks.com/item.html?id=0789726041


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.