Policies, Procedures, and Awareness (TestOut Security Pro)


Overview: policy types (1 of 2)

• Regulation
• Procedure
• Baseline
• Guideline
• Acceptable Use Policy (AUP)
• Privacy Policy
• Authorized Access Policy (AAP)
• Change Management and Configuration Management Policy

Overview: policy types (2 of 2)

• Code Escrow Agreement
• Human Resources (HR) Policy
• Code of Ethics
• Organizational Security Policy
• Password Policy
• Service Level Agreement (SLA)
• User Education and Awareness Policy
• User Management Policy

Overview: laws and regulations

• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Sarbanes-Oxley Act of 2002
• Gramm-Leach-Bliley Act
• Patriot Act of 2001
• California Database Security Breach Act of 2003
• Children's Online Privacy Protection Act of 1998 (COPPA)

Definitions (1 of 4)

• Regulation: A requirement published by a government or other licensing body that must be followed.
• Procedure: A step-by-step process that outlines how to implement a specific action.
• Baseline: A standard that dictates the settings and security mechanisms that must be imposed on a system in order to comply with required security standards.
• Guideline: A recommendation that is used when a specific standard or procedure does not exist.
• Acceptable Use Policy (AUP): A policy that defines how users should use the information and network resources in an organization.
• Privacy Policy: A policy that outlines how the organization will secure private information for employees, clients, and customers.
• Authorized Access Policy (AAP): A policy that specifies the access controls that are employed on a network.

Definitions (2 of 4)

• Change Management and Configuration Management Policy: A policy that regulates changes to policies, practices, and equipment that could impact the security of your IT infrastructure.
• Code Escrow Agreement: A document that specifies the storage of source code and the conditions under which it is released.
• Human Resources (HR) Policy: A policy used by HR that defines hiring and termination processes, job rotation requirements, and personal time off procedures.
• Code of Ethics: A set of rules or standards that help individuals act ethically in various situations.
• Organizational Security Policy: A high-level overview of the corporate security program.
• Password Policy: A policy that details the requirements for passwords used in an organization.

Definitions (3 of 4)

• Service Level Agreement (SLA): An agreement between a customer and a provider that guarantees the quality of a network service provider's care to a subscriber.
• User Education and Awareness Policy: A policy with provisions for user education and awareness training.
• User Management Policy: A policy that identifies the actions to follow when an employee's status changes, including hiring new employees, promoting and transferring employees, and terminating employees, so that the security of the system is maintained.
• Health Insurance Portability and Accountability Act of 1996 (HIPAA): A US federal law that specifies that all organizations must protect the health information that they maintain.
• Sarbanes-Oxley Act of 2002: A US federal law that requires publicly traded companies to adhere to very stringent reporting requirements and to implement strong controls on electronic financial reporting systems.

Definitions (4 of 4)

• Gramm-Leach-Bliley Act: A US federal law designed to protect private information held at financial institutions.
• Patriot Act of 2001: A US federal law that gives law enforcement the authority to request information from organizations in order to detect and suppress terrorism.
• California Database Security Breach Act of 2003: A California state law that specifies that any agency, person, government entity, or company that does business in the state of California must inform California residents within 48 hours if a database breach or other security breach occurs in which personal information has been stolen or is believed to have been stolen.
• Children's Online Privacy Protection Act of 1998 (COPPA): A US federal law that requires organizations that provide online services designed for children below the age of 13 to obtain parental consent prior to collecting a child's personal information.

Acceptable Use Policy (AUP)

• Defines how company resources are used
• Sets expectations for privacy
• Defines all monitoring activities
• Communicates all monitoring activities
• Applies monitoring to all employees
• Complies with legal requirements for privacy
• Sets expectations for internet and email activities

Privacy Policy

• Outlines how private information is secured
• Outlines how personally identifiable information (PII) is used
• PII items include: full name, address, telephone number, driver's license, national ID number, and credit card numbers

Laws and regulations

• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes-Oxley Act (SARBOX)
• Gramm-Leach-Bliley Act (GLBA)
• Patriot Act
• Individual state mandates
• Children's Online Privacy Protection Act (COPPA)
• Authorized Access Policy (AAP)

Change Management process

1. Identify a need for a change, document it, and submit a request
2. Conduct a feasibility analysis
3. Design a method to implement the change
4. Notify all parties affected by the change
5. Implement the change (during authorized downtime)
6. Test the implementation
7. Document the change
8. Analyze feedback

Human Resources (HR) Policy

• Hiring policies
• Termination policies and procedures
• Job rotation policy
• Mandatory vacation policy

Code of Ethics

• Personal conduct
• Eschew unlawful or unethical behavior
• Appropriately report unlawful activity

Organizational Security Policy

• Is usually written by security professionals
• Identifies roles and responsibilities for the security program
• Identifies acceptable and unacceptable actions
• Identifies the rules and responsibilities for enforcing the policy

Password Policy

• Never use the same password for different systems
• Disable or lock out accounts after a certain number of failed logins
• Passwords must never contain words, slang, or acronyms
• Change passwords within a certain timeframe
• Use a rotation policy

A strong password:
• Uses multiple character types
• Contains a minimum of eight characters
• Is not part of a username or email address
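As an added example (not part of the TestOut slides), a small Python checker that applies the password rules listed above at the point where a user sets a new password. The banned word list is a constructed stand-in for a real dictionary, "multiple character types" is read here as at least three of four classes, and the 90-day timeframe is an assumption, since the slide gives no specific value.

```python
import hashlib
import re
import secrets
from datetime import date, timedelta

# Constructed stand-in for a real dictionary of words, slang, and acronyms.
BANNED_WORDS = {"password", "welcome", "admin", "qwerty", "lol", "asap", "summer"}
MIN_LENGTH = 8
MIN_CLASSES = 3                  # assumption: "multiple character types" = 3 of the 4 classes
MAX_AGE = timedelta(days=90)     # assumption: the slide names no specific timeframe
_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest so reuse can be checked without keeping plaintext history."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, username, email, history):
    """Return the list of policy violations; an empty list means the password is acceptable.

    history holds (salt, digest) pairs for every password this user already used on any
    system or in a previous rotation, which is what the reuse rule needs.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(1 for cls in _CLASSES if re.search(cls, password)) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character types")
    lowered = password.lower()
    # "Not part of a username or email address": reject overlap in either direction.
    for ident in (username.lower(), email.lower(), email.lower().split("@")[0]):
        if ident and (lowered in ident or ident in lowered):
            problems.append("overlaps with the username or email address")
            break
    if any(word in lowered for word in BANNED_WORDS):
        problems.append("contains a dictionary word, slang term, or acronym")
    if any(secrets.compare_digest(_pbkdf2(password, salt), digest) for salt, digest in history):
        problems.append("already used on another system or in a previous rotation")
    return problems


def remember(password, history):
    """Record an accepted password in the reuse history as a salted digest."""
    salt = secrets.token_bytes(16)
    history.append((salt, _pbkdf2(password, salt)))


def password_expired(last_changed: date, today: date) -> bool:
    """Rotation rule: a password older than MAX_AGE must be changed."""
    return today - last_changed > MAX_AGE
```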

User Education and Awareness Policy

• Familiarize employees with the security policy
• Communicate standards, procedures, and baselines
• Facilitate ownership and recognition of security responsibilities
• Establish reporting procedures

User Management Policy

• Hiring new employees
• Promoting and transferring employees
• Terminating employees

Review questions

• What is the difference between a regulation and a guideline?
• What are the main reasons to implement security policies within an organization?
• How is due diligence different from due process?
• How can a code escrow agreement provide security for an organization?
• When a new security plan is distributed, why is it important to destroy all copies of the old version?
• What are the characteristics of a strong password policy?