38 minutes

Video Description

This lesson covers how we'll manage the policy lifecycle. Chances are good that when you assume the role of CISO at an organization that there are already good policies in place. Effective management of the policy lifecycle, from creation to retirement will involve: - Reviewing the existing policies - Consolidation of policy Policy review should be regularly scheduled and executed at least once a year. Policy review should also be executed in the event of: - Changes to management structure - Changes to network infrastructure - On the occasion of major upgrades - When there were acquisitions Reviewers and approvers of policy must be identified. - Utilize Information Security Team, SME's, Auditors, legal, etc. - Determine who should be the reviewers and approvers for each update - Remember that ultimately it's up to the system owner to approve - Notify them that they will be asked to provide input - beforehand! - Provide an approximate schedule if possible When conducting reviews, you must: - Carefully review the materials that were sent - Determine whether the content and wording are acceptable - Be careful not to base an approval decision on whether or not the company is currently in compliance with the policy Approval should be based on the appropriateness of the requirements

Up Next

Policy Development

Security policy is a critical component of the design and further implementation of information systems. It outlines a set of rules and procedures that specify how the system should manage and safeguard sensitive information

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor