Chapter2.ppt

Security Program and Policies

Principles and Practices
by Sari Stern Greene

Chapter 2: Policy Elements and Style


Copyright 2014 Pearson Education, Inc.
Objectives

Distinguish between a policy, a standard, a baseline, a procedure, a guideline, and a plan
Identify policy elements
Include the proper information in each element of a policy
Know how to use “plain language”


Policy Hierarchy
Policies reflect the guiding principles and organizational objectives
Policies need supporting documents for context and application
Standards, baselines, guidelines, and procedures support policy implementation
The relationship between a policy and its supporting documents is known as the policy hierarchy

Policy Hierarchy cont.
Standards
Dictate specific minimum requirements in policies
They are specific
Determined by management and can be changed without Board of Directors authorization
Note that standards change more often than policies
Baselines
An aggregate of implementation standards and security controls for a specific category or grouping (for example, Windows 7, smartphones, and so on)

Policy Hierarchy cont.
Guidelines
Suggestions for the best way to accomplish a given task
Guidelines are created primarily to assist users in their goal to implement the policy
They are not mandatory
Procedures
Method, or set of instructions, by which a policy is accomplished
A step-by-step approach to implementation
Four commonly used formats for procedures
Simple step, hierarchical, graphic, flowchart


Policy Hierarchy cont.
Plans and Programs
Provide strategic and tactical instructions on how to execute an initiative or respond to a situation
Plans and programs are used interchangeably
Plans are closely related to policies

Policy Format
The style and format of a policy will change based on the target audience of said policy
Identify and understand the audience
Identify the culture shared by the target audience
Plan the organization of the document before you start writing it. Will it be…
One document with multiple sections?
Consolidated policy section
Several individual documents?
Singular policy

Policy Components
Policies include many different sections and components
Each component has a different purpose
Clearly identify the purpose of each element in the planning phase before the writing part starts

Version Control
Used to keep track of the changes to the policy
Usually identified by a number or letter code
Major revisions advance by a number or letter
1.0, 2.0, 3.0
Minor revisions advance by a subsection
1.1, 1.2, 1.3
Version control documentation includes:
Change date
Name of the person(s) making the change
Brief synopsis of the change
Who authorized the change
The effective date of the change


Introduction
Provides context and meaning
Explains the significance of the policy
Explains the exemption process and the consequences of noncompliance
Reinforces the authority of the policy
A separate document for a singular policy
Follows the version control table and serves as a preface for consolidated policy

Policy Headings
Identifies the policy by name and provides an overview of the policy topic or category
The format and content depend on the policy format
Singular policy includes:
Name of the organization or the division
Category, section, and subsection
Name of the author and effective date of the policy
Version number and approval authority
Consolidated policy document
Heading serves as a section introduction and includes an overview

Policy Goals and Objectives
What is the goal of the policy?
Introduces the employee to the policy content and conveys the intent of the policy
One policy may have several objectives
Singular policy objectives are located in the policy heading or in the body of the document
Consolidated policy objectives are grouped after the policy heading

Policy Statement
Why does the policy exist?
What rules need to be followed?
How will the policy be implemented?

Policy Statement

High-level directive or strategic roadmap
Focuses on the specifics of how the policy will be implemented
It’s a list of all the rules that need to be followed
Constitutes the bulk of the policy
Standards, procedures, and guidelines are not a part of the Policy Statement. They can, however, be referenced in that section

Policy Exceptions

Not all rules are applicable 100% of the time
Exceptions do not invalidate the rules, as much as they complement them by listing alternative situations
Language used in this section must be clear, accurate, and concise so as not to create loopholes
Keep the number of exceptions low

Policy Enforcement Clause

Rules and the penalties for not following them should be listed in the same document
The level of the severity of the penalty should match the level of severity and nature of the infraction
Penalties should not be enforced against employees who were not trained on the policy rules they are expected to follow


Administrative Notations
Provides a reference to an internal resource or refers to additional information
Include regulatory cross-references, the name of corresponding document (standard, guideline, and so on), supporting documentation (annual reports, job descriptions), policy author name and contact information

Policy Definitions

The glossary of the policy document
Created and included to further enhance employee understanding of the policy and rules
Renders the policy a more efficient document
The target audience(s) should be defined prior to the creation of the glossary
Useful to show due diligence of the company in terms of explaining the rules to the employees during potential litigation


Writing Style and Technique
Sets the first impression
Policies should be written using plain language
Simplest, most straightforward way to express an idea
Follow the Plain Language Action and Information Network (PLAIN) guidelines

Summary

The structure of the policy documents eases the maintenance and creation of the overall document.
A successful policy sets forth requirements (standards), ways for employees to act according to the policy (guidelines) and actual procedures.
A policy is a complex set of individual documents that build upon each other to convey the message to all employees of the organization in an efficient fashion.
