IT and Security Policies, Standards, Procedures, and Guidelines
Instructor: Jay Ranade
Duration: 2 days
Dates: January 28th-29th, 2008

IT policies set the tone for the IT organization as a whole; information security policies set the tone for information security across the organization. Some policies are global, applying to IT and information security throughout the whole organization, while others are IT-specific and apply only to IT functions. The ultimate goal of these policies is to support business objectives and to establish fundamental controls at a very high level. A security policy for information systems lays the foundation on which any organization builds its security infrastructure.

Security audits assess compliance using the security policies as the reference framework. Standards are derived from the policies. Procedures are detailed documents derived from the standards; they give step-by-step instructions for implementing the policies and standards.

The following topics will be discussed in this 2-day seminar:

  • IT policies and IS security policies
  • IT standards and IS security standards
  • What should be included in the policies?
  • What should be included in the standards?
  • Global policies vs. IT policies
  • Sample policy formulation and approval process
  • Who signs the policies and standards?
  • Who is the target audience for policies and standards?
  • High-level vs. technical standards
  • Procedures and guidelines
  • Considerations for policies and standards in a global organization
  • Different types and categories of IT and IS security policies and standards
  • Contents of a typical policy, standard, procedure, and guideline

Copyright © 2002 Information Systems Audit and Control Association (ISACA™). All rights reserved.

Last updated December 15, 2007 7:43 PM