Hello, and I'd like to welcome you back to Cybrary's CompTIA Certified Advanced Security Practitioner's Certification Preparation Course.
We're gonna continue our discussion of Module Three, which is titled Organization of Security.
Here again are the objectives. What we're gonna do now is focus our attention on the objective dealing specifically with Section Two.
Let's now turn our attention toward a pre-assessment question, and the question is as follows: policies and procedures differ because policies are blank and procedures are blank. Is it A?
The correct response should have been requirements and technical. Again, policies and procedures differ because policies are requirements, and procedures are technical.
Let's now begin by discussing, or finding out, exactly what the security policy is all about.
A security policy is a high-level document that defines the organization's vision concerning security goals, needs, scope and responsibilities.
So why is the security policy important? It defines the who, what and why regarding desired behavior, and it plays an important role in the organization's overall security posture. The goal when writing, obviously, a security policy is to provide relevant direction and value to individuals within your organization.
Now, there are three basic types of policies you need to be aware of,
and they are the organizational master policy, and they could be system-specific policies or issue-specific policies. When we look at the master security policy, it could be thought of as a blueprint for the whole organization's security program.
A system-specific policy is concerned with a specific or individual computer system. It is meant to present the approved software, hardware and hardening methods for that specific system.
Lastly, an issue-specific policy is concerned with certain functional aspects that may require more attention. For this reason, a separate policy is prepared for that issue to explain, with details, the required level of security and the instructions that all staff and others must abide by to achieve this particular level.
So here again are some examples of issue-specific policies, ranging from your change management policy,
your email policy, encryption policy, and last but not least, your access control type policies.
Here again are the different types of security documentation. We're gonna discuss these. We have policies, standards, procedures, guidelines and baselines.
So here again we're taking a look at security controls and security controls. We discuss each one of these in detail.
Now, the process to create a policy framework is as follows. First of all, you've got to have a purpose and a mission for the policy. You define who has responsibility for enforcing the policy. You've got to adhere to compliance issues that are covered in that new policy. Obviously, it also has a scope for that policy coverage as well.
So, again, this is a process for creating a
policy framework. Obviously, this is generic in nature.
So the first one to take a look at is: what exactly is a policy? A policy is a course or principle of action adopted or proposed by a government, party, business or individual.
A policy can be generally defined as a system of laws, regulatory measures, courses of action and funding priorities.
Then we look at a standard. A standard defines the obligatory. In other words, it defines obligations: the rules, instructions and actions required to realize the goals and objectives set forth by top management in the security policies.
Of course, procedures. Procedures are the lowest level in your security documentation structure. While a security policy is a high-level document containing general directives, a procedure is a very detailed document that illustrates, in other words, with step-by-step instructions, how to perform a specific task.
Guidelines are practical instructions and recommendations targeting all levels of staff in your organization. These instructions are considered as operational guides on how to apply and enforce the standards and baselines. Guidelines obviously are flexible, and again, you're not really obligated to. Again, you're not required to do these, in other words.
The last one we'll take a look at is called a baseline.
In project management, a baseline is the expected value or condition against which all performance is compared. A baseline is a fixed reference point. From a project manager's perspective, the creation of a baseline is considered as the official end of project planning and the start of project execution and control.
So what's the purpose of a security policy, in essence? A security policy is a document that states in writing how a company plans to protect the company's physical and information technology, in other words, its assets.
So why are policies and procedures important? Policies are an essential component of any organization. Policies are important because they address pertinent issues, such as what constitutes acceptable behavior by your employees. You can also utilize both policies and procedures during decision making, and what that does is ensure that the employees are consistent, obviously, in their decisions.
Now for our best practices
in terms of policy maintenance. Again, we want to keep these policies up to date. We want to make sure we have timely revisions and updates. Obviously, there can be exceptions and waivers. We want to have requests from users and management,
and you also have changes to your lenses, so a lot of the time you get some change in the organization. You need to make sure those changes are implemented, reflected in other words, within your various policies. This brings us to our post-assessment question, and the question is as follows: the reason our security policies often fail is, is it A, because of bad communication?
B, because of unclear purpose?
C, you don't have enough money? Or D, poor planning?
If you selected B, you're absolutely correct, because an unclear purpose is the reason why a majority, most, policies fail.
So, in review, a security policy is a high-level document. It dictates top management's security vision, objectives, scope and responsibilities. A standard is a set of, again, the rules that support the security policy. A security baseline is a threshold that all systems in the organization must comply with.
A guideline, obviously, is a set of flexible recommendations and best practices.
A procedure is a detailed, step-by-step document that illustrates how to perform a specific task.
This brings us to the very end of this particular section here, and in the upcoming video we'll be taking a look at Section Number Three, which is titled Document and Operate Security Controls.
So I look forward to seeing you in the next video.