Premium Essay


In: Computers and Technology

Submitted By maikran
Words 6043
Pages 25
Information Security Policy

Best Practice Document

Produced by UNINETT led working group on security (No UFS126) Authors: Kenneth Høstland, Per Arne Enstad, Øyvind Eilertsen, Gunnar Bøe October 2010

© Original version UNINETT 2010. Document No: Version / date: Original language : Original title: Original version / date: Contact:

© English translation TERENA 2010.

All rights reserved.

GN3-NA3-T4-UFS126 October 2010 Norwegian “UFS126: Informasjonsikkerhetspolicy” July 2010

UNINETT bears responsibility for the content of this document. The work has been carried out by a UNINETT led working group on security as part of a joint-venture project within the HE sector in Norway.

Parts of the report may be freely copied, unaltered, provided that the original source is acknowledged and copyright preserved. The translation of this report has received funding from the European Community's Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 238875, rel ating to the project 'Multi-Gigabit European Research and Education Network and Associated Services (GN3)'.


Table of Contents

1.1 1.2

4 5 6
6 6

Security goals Security strategy

2 3
3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12

Risk management Information security policy Security organization Classification and control of assets Information security in connection with users of 's services Information security regarding physical conditions IT communications and operations management Access control Information systems acquisition, development and maintenance Information security incident management Continuity planning Compliance

8 10
10 11 11 12 13 14 17 21 22 23 24 25

4.1 4.2


Similar Documents

Free Essay


...The Total Environment of the Firm Educational factors • Literacy level – the percentage of the total population and those presently employed in the industry who can read, write and do simple calculations. • Specialized vocational and technical training and general secondary education – the type, quantity, and quality of persons obtaining such education or training and the proportion of those employed in industry with such education and training. • Higher education – the percentage of the total population and those employed in industry with post- high school education, plus the types and quality of such education. • Special management programs – the extent and quality of management development programs which are not run internally by productive enterprises, and which are aimed at improving the skills and abilities of managers and potential managers • Attitude toward education – attitude toward education and the acquisition of knowledge in terms of its presumed desirability • Education match with requirements – the extent and degree to which the types of formal education and training available in a given country fits the needs of productive enterprises on all levels of skill and achievement. Socio-cultural factors • View toward industrial managers and management – attitude toward industrial and business managers of all sorts, and the way that such managers tend to view their......

Words: 823 - Pages: 4

Premium Essay

Public Policy

...MODELS FOR POLICY ANALYSIS INSTITUTIONALISM: POLICY AS INSTITUTIONAL OUTPUT Government institutions have long been a central focus of political science. Public policy is authoritatively determined, implemented, and enforced by these institutions. Therelationship between public policy and government institutions is very close. Strictly speaking, a policy does not become a public policy until it is adopted, implemented, and enforced by some government institution. Government institutions give public policy three distinctive characteristics. •First, government lends legitimacy to policies. Government policies are generally regarded as legal obligations that command the loyalty of citizens. •Second government policies involve universality. Only government policies extend to all people in a society; the policies of other groups or organizations reach only a part of the society. •Finally, government monopolizes coercion in society, only government can legitimately imprison violators of its policies. The impact of institutional arrangements on public policy is an empirical question that deserves investigation. Federalism recognizes that both the national government and the state governments derive independent legal authority from their own citizens. PROCESS: POLICY AS POLITICAL ACTIVITY Today political processes and behaviors are a central focus of political science. Political scientists with an interest in policy have grouped various activities according to......

Words: 1479 - Pages: 6

Premium Essay

The Policy Process

...THE POLICY PROCESS 1 The Policy Process HCS/455 December 2, 2011 The Policy Process 2 The Health care industry has many policies, rules and regulations that have to be followed in order to have a successful company in today’s world. The Health care industry has many policies that keep companies in compliance with all the rules and regulations in order to protect the consumers, patients and employees. In every hospital, doctor’s offices, therapy clinics, etc, there will always be certain protocol of running a successful and thriving business. A certain point in time where these policies were made, there was a process to developing a policy for a particular business. All companies, corporation, or business will have policies set in place. This holds true for the foundation for AIDS/HIV. While putting together certain regulation for research groups, this foundation also has to follow each step in the policy process. Coming up with that policy was a process and throughout this paper we will discuss the policy process and what it takes to ensure the write policy has been made to protect the company, consumers and all of its employees. The policy process has certain steps that have to be taken before having a successful outcome. These important steps are as follows: The formulation stage, the legislative stage and the implementation stage. Throughout this paper we will......

Words: 1513 - Pages: 7

Premium Essay

Security Policy

...of the security policy is enforced by mechanisms that are strong enough. There are many organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it. If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are many organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate......

Words: 374 - Pages: 2

Free Essay

Policy Making

...Impact Assessment - Policies | | | |Title of policy being assessed: |Corporate Communication Strategy/Action Plan | |Department and Section: |Chief Executive’s | | |Public Relations | |Names and roles of officers completing this assessment: |Head of Public Relations | |Contact Telephone Numbers: |0116 305 6272 | |Date assessment completed: |5th March 2009 | |Defining the policy | | | |Why is the policy necessary? ......

Words: 2097 - Pages: 9

Free Essay


...Organizational policies are used to achieve uniformity, economics, public relations, benefits and other objectives that many be unrelated to recruiting. At time, policies can be a source of constraints. Policies that may affect recruitment are highlighted below. Compensation policies: pay policies are a common constraints faced by recruiters, Organizations with HR departments usually establish pay ranges for different jobs to ensure equitable wages and salaries. Recruiters seldom have the authority to exceed the stated pay ranges. Of course, pay ranges must be special cases such as international openings. Applying domestic compensation rates overseas often entails overpaying or underpaying foreign nationals compared with what they would normally earn. At the same time, employees which are reassigned overseas often need and expect an increase to handle extra living expenses. Employment status policies: some companies have policies on hiring part-time and temporary employees. Although there is growing interest in hiring these types of workers,policies can cause recruiters to reject all but those seeking full-time work. Limitations on part-time and temporary employees reduce the pool of potential applicants, especially since this segment of the workforce is a fast-growing one. In fact, a study of 484 firms found a one-third in cease in the use of part-timers. policies that discriminate against any refundable group should be reviewed, when those groups are protected under......

Words: 451 - Pages: 2

Premium Essay

Social Policy

...Noxolo Nkosi 206513080 Policy analysis 701 21 April 2013 Decision making one Introduction Human action depends upon a setoff alternatives act from which to choose, belies and some representation of the values of the consequences of the act given the possible belief. In policy cycle decision making is a step that falls within policy formation and implementation (Etzion, 168, from Parsons, 1995). This is the stage in policy cycle where choices are made between alternatives. Decisions are made when it is believed that the decision to be made will produce or will lead to desired state of the world. Values and belief are put forward in decision making and the time frame to which that goal is to be achieved at is also set. Power plays a big role in decision making, techniques as well as strategies is required as to how to select an appropriate and a sound decision. There are people who are appointed as the role players in decision making those people poses power and they have authority for making decision. The issues o decision will be explored with regard to the policy context as well as the policy they impact on policy making , I will also look at how the policy analysis serve to explain or to describe how decision come to be made. Issue • The issue is about the decision analysis techniques which serves to explain how decisions are ought to be made. • The role......

Words: 1493 - Pages: 6

Premium Essay

Audit Policy

...[pic] Server Audit Policy Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to 1.0 Purpose The purpose of this policy is to ensure all servers deployed at are configured according to the security policies. Servers deployed at shall be audited at least annually and as prescribed by applicable regulatory compliance. Audits may be conducted to: • Ensure integrity, confidentiality and availability of information and resources • Ensure conformance to security policies 2.0 Scope This policy covers all servers owned or operated by . This policy also covers any server present on premises, but which may not be owned or operated by . 3.0 Policy hereby provides its consent to allow to access its servers to the extent necessary to allow to perform scheduled and ad hoc audits of all servers at . 3.1 Specific Concerns Servers in use for support critical business functions and store company sensitive information. Improper configuration of servers could lead to the loss of confidentiality, availability or integrity of these systems. 3.2 Guidelines Approved and standard configuration templates shall be used when deploying server systems to include: • All system logs shall be sent to a central log review system • All Sudo / Administrator actions must be logged • Use a central patch deployment system • Host security...

Words: 416 - Pages: 2

Premium Essay

Policy and Development

...DEVELOPMENT AND PUBLIC POLICY guidance on the application of community development approaches to different aspects of anti-poverty and social inclusion work €10 Siobhán Lynam Bridgewater Centre, Conyngham Road, Islandbridge, Dublin 8 Tel: 01 670 6746 Fax: 01 670 6760 Email: Website: COMMUNITY DEVELOPMENT AND PUBLIC POLICY Siobhán Lynam Community Development and Public Policy 1 © 2006 ISBN: 1-905485-11-5 While every effort has been made to ensure that the information contained in this book is accurate, no legal responsibility is accepted by the author or Combat Poverty for any errors or omissions. The views expressed in this publication are the author’s own and not necessarily those of Combat Poverty Agency. 2 Community Development and Public Policy CONTENTS Acknowledgements Preface 4 5 Introduction Background to the publication Structure of the publication 6 6 Section 1: Defining public policy 1.1 What is public policy? 1.2 How is policy made? 1.3 The public policy cycle 1.4 Example of a community organisation’s impact on policy 7 7 8 13 16 Section 2: A community-development approach to policy making 2.1 Giving voice to excluded groups 2.2 Characteristics of a community-development approach 2.3 Value of adopting a community-development approach 18 18 19 21 Section 3: Influencing public policy making 3.1 Develop a policy agenda 3.2 Make it an......

Words: 13791 - Pages: 56

Free Essay

Policy Evaluation

...Policy evaluation can be better defined as a process by which general judgments about quality, goal attainment, program effectiveness, impact, and costs can be determined. It is an assessment of whether a set of activities implemented under a specific policy has achieved a given set of objectives. Once public policy has been operationalized through the formal adoption of laws, rules, or regulations, and the bureaucracy has taken action to implement the policy, some form of evaluation needs to be accomplished to determine if the policy has achieved the desired outcome or impact. Public policy represents the expenditure of limited public resources and or restrictions on certain types of individual or organizational behavior. Consequently, the public has a right to expect that their government officials are accountable for the validity, efficiency, and effectiveness of those policies. Policy evaluation is therefore an absolutely critical stage in the policy process whereby we can determine whether a policy’s effects are intended or unintended and whether the results are positive or negative for the target population and society as a whole. In essence, policy evaluation is the process used to determine what the consequences of public policy are and what has and has not been achieved. Elected officials, policy makers, community leaders, bureaucrats, and the public want to know what policies work and what policies don't, and the purpose of evaluation is to determine whether an......

Words: 310 - Pages: 2

Premium Essay

Policy Process

...The Policy Process Part One Sarah Falsey HCS/455 January 27, 2014 Linda Morrow The Policy Process Part One Present growth thoughts imply that the policy structure is vital in shaping the performance of public sector bodies, farmers, households, and firms. As a result of extending, the trade and industry expansion of a nation depends on the eminence of this policy outline, the ideas that are taken, and the processes drawn in by thinking about each resolution. In the United States (US), most policies are produced through a self-governing arrangement in which officials come to a decision that best serves a state, a group of people, or a nation in its entirety. The self-governing arrangement makes sure that there is a routine cycle of stages in the policy-making process. All of these stages work together to determine a particular dilemma and often are formed in some organizations. Policies are developed in response to the existence of a perceived problem or an opportunity. This paper will go over how a topic becomes a policy. The writer will also touch on the last three stages that a topic must go through to become a policy. The first step of the policy process is the idea. In this stage, the proper authorities define the problem or problems and set a game plan or agenda. An agenda is like a list of troubles that the government usually wants to solve. Typically there are so many issues that they must be categorized in order of importance, with some troubles getting......

Words: 1375 - Pages: 6

Free Essay

Hiv Policy

...HIV/AIDS Policy Process Sheila Zinnerman HCS/455 Health Care Policy: The Past and the Future University of Phoenix, Augusta Campus June 9th, 2011 Sharon E. Reed. MA, MPA HIV/AIDS Policy Process Part I The Offices of HIV/AIDS Policy spear-headed by the president of the United States promotes health and human services policies concerning implementation and development of HIV/AIDS policy, programs and resources. This paper will describe the first three stages of the policy process. The stages of interest here are the formulation, legislative and implementation stages. The goal of the HIV/AIDS Policy is to engage individuals, schools, organizations, and communities for the fight against HIV/AIDS. The policy’s objective is to change people’s attitudes about those living with HIV and those who are most at-risk for the disease (OHAP, 2010). In order to attain these goals unified groups and agencies are needed to form a policy. The Formulation Stage During this stage of the policy process information from institutional and national research programs are gathered from reports, research projects, resource flows like human resources and development patterns, medical research councils, and ministries whose activities affect the health of people. Within this stage long and short term goals are stated considering future of health scenarios and relative research needs. Policy guidelines specifying priority topics and themes are formulated. Listed below are eight other......

Words: 1622 - Pages: 7

Free Essay

Policy Template

...the system, they will receive a valid log on and temporary password to the company’s network. Policy 4.1 After an employee has received a new temporary password they are required to log on to the system within 48 hours and set up their own secure password. 4.2 The password must have at least 10 characters and include at least one special character (!@#$%^&*?) 4.3 Passwords will be required to be changed every 90 days. 4.4 Do not write down your passwords so they are visible to others. (ie leaving a sticky note on desk) 4.5 You may only use a company assigned computing device to access the company’s network while working remotely. 4.6 When connecting to the company’s network you are required to use the company’s VPN software so the traffic is encrypted. 4.7 NEVER share data with anyone outside of the company unless authorized by a manger. Policy Compliance 5.1 The company will ensure your compliance by requiring a password change every 90 days or if the password you selected is considered not strong enough. 5.2 A datasharing exception needs to be discussed with your manager. An example of this would be if your team is working with a 3rd party or contractor on a company project. 5.3 If it is found that you are responsible for sharing or leaking data you can be terminated. 5 Related Standards, Policies and Processes 6.1.1 Obtain login ID and initial password from HR, you will be required to log...

Words: 611 - Pages: 3

Premium Essay

Aup Policy

...Lab #1 Assessment Worksheet Crafting an Organization-Wide Security Management Policy for Acceptable Use Student Name: Jonathan Duarte Student Banner ID: 900421269 Date: 2/4/2016 Overview In this lab, you defined an AUP as it relates to the User Domain, you identified the key elements of sample AUPs, and you learned how to mitigate threats and risks with an AUP. Lab Assessment Questions & Answers 1. What are three risks and threats of the User Domain? Threats: * Lack of user awareness * User inserts CDs and UBS drives and personal photos, music, and videos. * Lack of knowledge Risks: * User destruction of systems, application, or data * Stolen Data * Stolen Software/Application 2. Why do organizations have acceptable use policies (AUPs)? * It is because so they can protect the security of a network/organization * Prevent users from getting viruses * Prevent user and organizations to open their systems and network to attacks * Consequences an organization or employee may face * Informing users of acceptable behavior and the use of computers/networks. 3. Can Internet use and e-mail use policies be covered in an acceptable use policy? * Yes they can! Because it’s for the safety of employees and the organization itself. * It’s so the organization is protected at all times. 4. Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the User Domain? * Because you...

Words: 500 - Pages: 2

Premium Essay

Policy Analysis

...Policy Analysis I What is she doing in a men’s jail? Transgender individuals in the right facility are a major concern of prisoners going through transgender change. As a refugee from Nicaragua, Luisa Espinosa was required to walk a gauntlet bare-chested while other inmates laughed, leered and made insults to her breasts. Espinoza stated many times inmates and officers made fun of her and making homophobic slurs. She had received this type of abuse in Nicaragua; she did not expect it here (Garvin, 2003). Espinoza was born male but had not yet completed the surgery to become a woman. She identified as a female her whole life. She has dressed as a female, wears her hair as a female and speaks femininely. She sits in jail awaiting the Immigration and Naturalization Service makes every effort to send her back to Nicaragua where she faces the same ridicule (Garvin, 2003). Formal complaints have been lodged with the Sacramento County Board of Supervisors by Espinoza and other transgender prisoners. They are stating the Sacramento Sheriff’s Department habitually violates the rights of transgenders. The grievances are the beginning to civil lawsuits and outline constant incidences of discrimination against Espinoza and other transgender inmates, prejudiced comments by jail employees and steady sexual harassment. This paints a picture of transgender people singled out for cruel and unusual chastisement in Sacramento’s main jail. Espinoza stated the San Francisco......

Words: 769 - Pages: 4