From the AVP - The Need for Strong InfoSec Policy
"A security policy does not dictate how a business runs.
Rather, the business needs dictate the security policy." - UGA Chief Information Security Officer
Information security policies underpin the security and well-being of information resources. They are the foundation, the bottom line, of information security within any institution.
Once strong security policies are implemented at UC, a number of benefits will emerge, including:
- A framework from which all security efforts will be built.
- Lessened uncertainty about whether an action is permissible.
- A basis for action to be taken in case of policy violations.
- A comprehensive system for auditing our security efforts.
The university's information security policies are formal statements that specify a set of rules that all users must follow when gaining access to UC's information and information systems. For these security policies to succeed, they must follow these guidelines:
- Management must support the policies.
- The policies must be technically feasible.
- The policies must be implemented globally throughout the institution.
- The policies must clearly define responsibilities for users, faculty, administrators and management.
- The policies must be flexible to adapt to changing technologies and institution goals.
- The policies must be understandable.
- The policies must be widely distributed.
- The policies must be enforceable.
- The policies must provide sanctions for users violating the policies.
- The policies must contain a response plan for when security breaches are exposed.