CISSP Study Guide: The Objectives of a Security Policy

Guiding your technical team on their choice of equipment is a good starting-point. The policy terminology will likely not include this kind of information as to which equipment or designs are to be used.

Once a decision is made or the equipment is in place, the second objective would be to advise the team in arranging the equipment. The policy might state that the team will be tasked with blocking certain websites from the system, but doesn’t specifically list which sites.

The third objective defines the responsibilities of users and administrators. This aids in the process of evaluating the proficiency of security measures.

The fourth objective would break down the ensuing ramifications of policy violation.

The last objective would be to define and clarify the reactions to network threats. It’s important to also clarify the process for escalating items that might go unrecognized on the network. Each member of the team should be prepared to employ an action plan in the event of a breach to the network.