I. Security Policy Guidelines
Policies are considered the highest level of documentation, from which the other major standards, procedures, and guidelines flow. Security policy changes over time, and there is a policy life cycle. For policies to be effective, they must be properly developed using industry-accepted practices and distributed or disseminated using appropriate and multiple methods. The policies can also be modified to fit a particular company's standard and must be reviewed and understood by all employees. Everyone in the company must formally agree to them by assertion, and they must be enforced and applied uniformly.
Policy Design Process
When designing a policy, a development team must be selected. A committee should be defined to interpret the policy and to determine its scope and goal and who is covered. Policies must be implementable and enforceable, concise, and easy to understand. They should balance protection with productivity, state the reason why they are …
Risk analysis helps list assets and assign them a quantitative value based on priorities. With risk analysis, one notices the contrast between the anticipated value of a decision option and the benefit that may transpire. When conducting a risk analysis, it is important to perform a risk assessment. Risk assessment is the process of identifying and estimating what liability of a risk can be exploited and what impact it might pose. Risk analysis tries to minimize risk exposure to external attacks, accidental misuse, or malicious insiders. It also allows a company to evaluate weak links within the business and their adverse impact. Failure to conduct risk analysis could result in security