Information Technology Reference
In-Depth Information
Fig. 9.2 Deming process
System
concept
Implementation
Improvement
Analysis
also not only to correct initial design faults. The overall process should rather make
sure that—especially within the IT area—the newest technological developments
are taken into account regarding security aspects.
9.5.2 Commitment
A policy or directive without commitment and the threat of sanctions only pos-
sesses its paper worth, on which it is printed. Legally there are a number of
possibilities to ensure the compliance to such a document.
9.5.2.1 Noncompliance
Notice to the IT security officer.
9.5.2.2 Acknowledgement of Instructions/Sample
This directive should be part of comprehensive employee security instructions.
At the end the following agreement can be signed:
Acknowledgement of the Directive
“Please read the present security directive and countersign it at the bottom of the
document. One copy with your signature will be kept by the IT security officer.
With your signature you acknowledge:
I have received the security directive, understood its meaning and agree to it.
.
...
Confirmation of individual requirements from the directive
<
>
Confirmation of the confidentiality clause
<
>
Confirmation of liability and responsibility
<
>
