Free Essay

Is3350 Discussion 1

In: Computers and Technology

Submitted By lea40ish
Words 255
Pages 2
Failing to do a risk assessment before crafting a policy, but it is a crucial step many overlook. With Web Services Security Policy Language, the policy is in place.

Having a 'one-size-fits-all' mentality. But writing a security policy that is going to work for you means more than just editing. While you might use a template or borrow from another organization's example, after your risk assessment, it is important to customize your policy for what YOUR organization needs. They have a very detailed lay out. An A, B,C if you will.
Failing to have a standard template. Have consistency for policies within your organization, policy and governance, and awareness training. There is extensive training
Having policies that only look good on paper.
Organizations that are failing to do sufficient and frequent compliance checking.
This is recommended but no time of checking
Failing to get management to buy in to the policy
Everyone needs to abide by security policy, said Cresson Wood. That includes the most high-level staff members. Again detailed policy for all
Writing policy after a system is deployed
Security needs to be part of the systems development process, according to Cresson Wood, who said he often sees patch management programs that clients have put in place that are out of date and miss the mark of what is really going on in security.
Lack of Security policy needs to be reevaluated at least once a year, perhaps even more frequently follow up
This is not written but recommended

Similar Documents

Premium Essay

Information Security

...Security Issues in Legal Context Discussion 5.1: Privacy in the Workplace The Children's Online Privacy Protection Act, which went into effect date, April 21, 2000, affects U. S. commercial Web sites and third-party commercial Web sites that schools permit their students to access. "COPPA requires "operators of websites or online services directed to children and operators of websites or online services who have actual knowledge that the person from whom they seek information is a child (1) To post prominent links on their websites to a notice of how they collect, use, and/or disclose personal information from children; (2) With certain exceptions, to notify parents that they wish to collect information from their children and obtain parental consent prior to collecting, using, and/or disclosing such information; (3) Not to condition a child's participation in online activities on the provision of more personal information than is reasonably necessary to participate in the activity; (4) To allow parents the opportunity to review and/or have their children's information deleted from the operator’s database and to prohibit further collection from the child; and (5) To establish procedures to protect the confidentiality, security, and integrity of personal information they collect from children. Non-profit sites are not included in the act; however, many are voluntarily complying. The Children's Internet Protection Act went into effect April 20,......

Words: 2799 - Pages: 12

Premium Essay


...Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110  NT1210 Structure and Introduction to  ComputerLogic Networking    IS3120 IS3110 NT1210 Network  Risk Management in Introduction to General Education / General Studies NT2580 NT2799 Communications Information Technology Introduction to Information Security NSANetworking Capstone Project IS4550 NT2640 Security Policies and Implementation IP NT2640 Networking IP Networking PT2520...

Words: 2305 - Pages: 10