Security Management Programs and Oversight: Guidelines and Policies Flashcards
What are guidelines and policies?
Guidelines serve as a framework in an effective security-governance program within an organization. They provide clear directives and best practices to ensure consistent and aligned security measures across all levels, processes, and systems.
Policies establish the overarching principles and rules in an effective security governance program within an organization, guiding decision-making and standardizing security practices to protect sensitive data and mitigate risks.
What are AUPs?
AUPs: Delineates the permissible boundaries and rules governing the appropriate and responsible utilization of an organization’s IT resources, systems, and networks by employees and stakeholders.
Acceptable Use Policies
Purpose and scope
Authorized users
Acceptable use
Unacceptable Use
Legal department must be involved
Social Media
Consequences of a breach of policy
Reporting breaches (self-reporting); employees should be encouraged to do this
Employees must sign the policy during the onboarding process
What are ISPs?
ISPs: Outlines the comprehensive strategies, protocols, and practices that an organization employs to safeguard its sensitive data, digital assets, and information systems against unauthorized access, breaches, and cyber threats.
Information Security Policy
Scope and applicability
Roles and responsibilities
Information Classification
Access control
MDM
Legal/regulatory compliance
Communication and reporting
What should you include in a BCP?
Business continuity policies: Establish the strategies, procedures, and guidelines necessary to ensure an organization’s critical operations, processes, and services can continue functioning or recover swiftly in the face of disruptions, disasters, or unforeseen events.
What should you consider in disaster recovery policies?
Disaster recovery policies: Define the systematic procedures, protocols, and measures that an organization follows to restore and resume its IT systems, applications, and data after a significant disruption or catastrophic event. This helps minimize downtime and ensure operational continuity.
Incident response policies: Delineate the predefined steps, roles, and responsibilities that an organization follows to swiftly detect, assess, mitigate, and recover from security breaches, cyberattacks, or other adverse events. This helps minimize potential damage and ensure a coordinated and effective response.
What does the SDLC outline?
Software Development Life Cycle
SDLC: Outlines the structured methodology and stages through which software applications are planned, designed, developed, tested, deployed, and maintained. Integrates security considerations at every phase to ensure robust protection against vulnerabilities and threats.
Plan
Analyse
Design
Implement
Test
Maintain
Plan
What should you take into account in change management policies?
Change management policies: Establish guidelines, processes, and approvals required for implementing modifications, updates, or alterations to IT systems, applications, or infrastructure. This helps ensure that changes are carried out in a controlled manner to prevent disruptions and maintain an organization’s security posture.