Anatomy Of Security Document Controls

The core Of information Security Program

Develop Documents and Implement Security Policy

Internal Governance

The internal Governance Supports and articulates The external Governance such as Laws and Regulations

The Policy set The foundational enduring Principles while Standards Procedures Provide a specific details while these elements differ in nature they are interconnected and play various roles

Successful Development and implementation of information security measures require alignment with the organization's Mission, Goals and Objectives those document collectively serve as the BluePrint for a Robust Information security offering governance valuable guidance decision support legal authority and risk management

Anatomy:

Policies: Are a HighLevel Management Directives, They are madatory that is for example adhering to a company a sexual harassment policy is required even if you don't agree with it , they don't dwell into specifics and remain at a highLevel for instance a server security policy discusses protecting the CIA of the System without using LowLevel Terms

Architector:

It should contains a basic Componments such as purpose scope, Responsibilities and compliance

  • The purpose describes the need for the poilicy.

  • The scope outlines the covered system and entities.

  • The responsibilities Detail the role of the individuals and the teams.

  • Compliance addresses the effectiveness of Policies and Consequences of violations

SABSA

It provides a sturcture and processes for buildingand maintaining Security architecture.

it approch aims to manage risk effectively link controls across administrative technical and physical domains in integrate security into the organization (IT infrastructure, Business processes and culture)

The layered framework of the Enterprise Security architecture progressses from policy to practical implementation each layer addresses specific aspects such as assets to be protected motivations for applying security functions needed for security involvement of people relevant locations and time related aspects

PreviousAlignment of the security functions to business (Strategy,Goals, Mission & Objectives)NextUnbounded Orchestration

Last updated