Information Security Governance Papers

Paper Title: The Direct Part of the Model – An Information Security Policy Architecture

The Abstract of the Paper

Introduction
In Chapter 4, the Model for Information Security Governance was introduced. One of the main characteristics of the Model is the Direct/Control Cycle, which represents the fact that top-down directing takes place over all levels of management, and bottom-up control takes place, again, over all levels. The two actions of Direct and Control ensure that proper governance is enforced throughout the whole cycle.

This chapter discusses the Direct part of the cycle in detail and it will be shown how Directives from the Strategic Level are expanded, on the Tactical Level, to a Corporate Information Security Policy, and how that is again expanded into detailed policies, procedures and standards. Each of these sub-policies is then again expanded on the Operational Level to administrative and operational procedures.

This chapter will, therefore, be dedicated to Information Security Governance-related directives, policies, detailed sub-policies and procedures. All the documents will be organized in an Information Security Policy Architecture (ISPA), which is actually the output of the whole Direct Cycle.

Before doing that, what some international best practices say about Information Security policies, procedures, etc., will first be discussed.

6.2 ISO 27002 on Policy Aspects

Clause 5 of ISO 27002 [1] requires Management to issue and ensure the maintenance of an Information Security Policy (document) across the organization. In Paragraph 0.6 of ISO 27002, an Information Security Policy document is seen as common practice and, therefore, an essential component of any Information Security plan.

Control 5.5.1 states very clearly that an Information Security Policy document:
must exist;
must have been approved by senior management; and
all parties mentioned in the scope of the Policy must be aware of the policy and its content.
Web Link: http://www.springerlink.com/content/x44914874r487vq1/fulltext.pdf?page=1
