Welcome to the Palo Alto Networks Cybersecurity Academy Secure Business Systems Administration presentation on business security policies: overview and planning.
An effective business security policy should focus on securing the data and applications that are critical for business-level operations.
By nature, the policies may be more general in scope, especially when compared to other security policies, such as specific wireless or password security.
Because business policies also have a wide sweeping impact, they are processes that we should review regularly.
It's important that we document these policies and we communicate them effectively.
An effective policy should specify details for the controls or tools that the policy refers to, and also delineate the personnel that are responsible for performing the policy and procedure actions.
Policies also need to be supported by training and, when necessary, a sign-off or acknowledgement by all parties that are affected by the policy should be obtained.
Data security policies can also be quite comprehensive. Data is often either utilized or accessed by multiple applications via multiple channels, so the effective security for that data can be quite complex or confusing.
Data classification policies can help administrators associate data with data types and then apply the appropriate security policies that would be scoped for a specific business utilization.
Policy management can be supported and simplified through the design of a secured trust relationship when business data is integrated or exchanged between applications or platforms.
A trust relationship can employ approved encryption and authentication that would be needed to secure the data exchange between the tools.
In those instances, the trust policies can alleviate the need for a data policy to specify the technical details or the granular details for the secure data transfer.
Oftentimes, policies can be confusing and even conflicting. To alleviate that problem, a hierarchical or parental policy structure can simplify some of that overhead. One parental policy can be associated with more finely focused child policies.
For example, as the previous slide introduced, a trust policy between business-to-business applications can specify the recommended encryption and authentication requirements, so the child application policy does not have to specify those settings.
But in all these instances, policies need to be clearly understood and manageable in order to be effective.