What is the advantages of implementing the following policies and procedures: RRS feed

  • Question

  •     1.        Logon

                      2.        User and group accounts

                      3.        Directory and file system

                      4.        Data protection

                      5.        Secure transmission                                                                                 

                      6.        Remote and mobile users                                                       

                      7.        Virus control

                      8.        Electronic mail

                      9.        Rules of acceptable and unacceptable behaviours

    Tuesday, January 31, 2012 5:00 AM

All replies

  • Toti,

    That's an incredibly broad question. I'm not sure what kind of information you are looking for. Do you want the high level management rationale? If you want technical reasons then please ask about specific settings, your list covers thousands of settings and features in Windows.

    Kurt Dillard http://www.kurtdillard.com
    Thursday, February 2, 2012 3:10 PM
  • Any security policy or procedure is developed in response to a requirement.

    So, that is the question you need to answer first.

    If you can't list specific requirements for the topics you mention, then by definition there is no need for any policy or procedure.

    Start by going down your list. For each topic, write down your requirements.

    For example, under "User and group accounts", do have password requirements? If so, then you can write a policy that defines your requirements, and procedures that implement your requirements. It's that simple.

    Many organizations must comply with regulatory requirements (PCI-DSS, Sarbox, etc.) If similar requirements apply in your case, then you have your requirements in hand, and you know which policies and procedures you need.

    The "advantage" to having policies and procedures for regulatory requirements is the ability to conduct business, which is a significant advantage indeed.

    There are numerous examples available for policies and procedures, but you are frequently better off writing your own. Keep them simple and brief.

    • Proposed as answer by Kurt Dillard Friday, February 10, 2012 3:59 PM
    Tuesday, February 7, 2012 8:17 PM