1.2 IT Security Policy Fundamentals

00:02

Hello and welcome to I t Security policy from Cyber Eri.

00:06

This is macho one. The introduction and this is the second episode

00:10

is being taught by Troy Lemaire

00:13

with learning objective for this episode is gonna be wider. We need i t security policies,

00:19

what should be included in each policy and who should approve the policies.

00:24

So why do you actually need I t security policies?

00:27

Well,

00:28

one of the reasons is you want to define the desired behavior of employees. So if you can put into the policy exactly where the expectations that you have for the employees, you can hopefully get them too.

00:41

Abide by those policies that are there.

00:44

You also can define directions to employees. So if there's things inside of your policy that are directing the employees to do something a certain way, that is where you can document this.

00:54

You're gonna help to protect the organization and the employees so you can have different things in the policy that might be certain protection mechanisms. Such a Zen I virus. Oh, our remote access or things like that that will help to protect the organization as a whole.

01:10

And then you can define the consequences of these user actions so they not follow the policies. So this is something you would want to work, which HR department on to make sure that they are in agreement with this and have an understanding of it. But it's a way to say if the policy is broken or not followed for some reason, these the consequences that can happen.

01:30

So what should be in every IittIe policy?

01:34

So in every I t security policy, you should have an overview. Thatjust explains what this policy is about.

01:40

What's the purpose of the policy? Why are you putting this policy out there?

01:44

The scope of who this applies to for this policy, whether it's just I t staff or it's the whole

01:49

organization or it's just remote workers, you could define that, decided the scope.

01:55

Then you won't have the policy body, which is where you're actually

01:57

putting all the material and information that you want about that policy.

02:02

You can have the policy compliance, which is where you can live, things that can happen in consequences that can happen by not following the policy

02:10

and then you want to have your revision history. Most policies should be approved on an annual basis. So whenever you approve them on an annual basis, you can have your revision in street to show. When was the last time it was approved and then was the latest time it was approved?

02:25

And then who should approve your IITTIE skewed policies? Well, most people will agree that you wanna have the highest level of an organization approved this so either executive management and or border the records or some type of board committee so that it could be disseminated from the top and go all the way down the organization.

02:47

So in summary again today we

02:50

looked at Why do we need I t security policies? What should be included in each policy? And then who should approve i t. Security policies.

03:00

Looking forward in the next lecture, we're gonna start getting in through the actual policies themselves, and we're gonna take on the general policies, some of them listed or acceptable use data backup as well as email policies.

03:15

Again, any questions or clarification, you can reach me through Cyberia message, and my user name is at Troy Lemaire.