|
HVBF Monthly Meeting - Information Systems
Roundtable Host: Loyola College in Maryland Attending: Ginny Hoefner, System Source Chairman Mark Robertson welcomed those attending and opened the Roundtable. Each person attending introduced themselves and their company. Daryl Sirota, Enterprise Consulting Engineer with System Source led our discussion on “A Security Policy Primer”. Understanding what a security policy is and the need to have one is the first step in implementation. Without a policy there is no security. Policy defines proper behavior, sets the stage for needed tools, communicates a consensus, provides a foundation for HR action in the event of inappropriate behavior and aides in prosecuting this behavior. Policies define who and what to trust and to what degree. Effective policies will impede some work process as a consequence to security. There are no exceptions to the “policy for everyone” rule. Policy should be developed by a team including management at all levels as well as users. Security policy should be a part of new employee orientation. Ease of implementation, enforceability and consequences for violations should be a part of policy. The policy should define the appropriate use of the company’s computing process, establish levels of acceptance for electronic mail, web access, and use for non-business purposes. Remote access policies must be clearly defined with firewall integrity a must. Daryl suggests www.sans.org as a good source for beginning or verifying the
security policy process. Please advise if you would like me to email Daryl’s
presentation to you. Vern Winter of MarquipWardUnited won the travel mug donated by Steve O’Connor of TESST College of Technology. |