Section 11.98 Policies Flashcards
Objectives 5.1 Summarise elements of effective security governance. Objectives 5.4 Summarise elements of effective security compliance
Policies
Acceptable Use Policy (AUP)
Document that outlines the do’s and don’ts for users when interacting with an organisation’s IT systems and resources
■ Defines appropriate and prohibited use of IT systems/resources
■ Aims to protect organisations from legal issues and security threats
Information Security Policies
Outlines how an organisation protects its information assets from threats, both internal and external
These policies cover a range of areas:
● Data Classification
● Access Control
● Encryption
● Physical Security
Ensures confidentiality, integrity, and availability of data
Business Continuity Policy
Ensures operations continue during and after disruptions
■ Focuses on critical operation continuation and quick recovery
■ Includes strategies for power outages, hardware failures, and disasters
Disaster Recovery Policy
Focuses on IT systems and data recovery after disasters
■ Outlines data backup, restoration, hardware/software recovery, and alternative locations
Incident Response Policy
Addresses detection, reporting, assessment, response, and learning from security incidents
■ Specifies incident notification, containment, investigation, and prevention steps
■ Minimises damage and downtime during incidents
Software Development Lifecycle (SDLC) Policy
Guides software development stages from requirements to maintenance
■ Includes secure coding practices, code reviews, and testing standards
■ Ensures high-quality, secure software meeting user needs
Change Management Policy
Governs handling of IT system/process changes
■ Ensures controlled, coordinated change implementation to minimise disruptions
■ Covers change request, approval, implementation, and review processes