- Business managers, system administrators, and security administrators reflect
published policy in operations.
8.6.1.2  Policy Drivers
Drivers behind security policy development include both business and technical
drivers. Business drivers precede the need for the technology that supports them.
The introduction of new technology requires policies to guide its appropriate and
secure use. The policy development process applies to both initial development and
ongoing maintenance.
8.6.1.3  Commentary
Policies may represent corporate law but should not be caught up in the semantics
of actual law, where entirely too much emphasis is put on the letter of the law
and not its spirit. Corporate policy should state the intent of the policy, provide
examples, and provide guidance on appropriate action and on consequences for
noncompliance. The bottom-line message should be, when in doubt, act in keeping
with the spirit of the policy; keep the best interests of your fellow employees and the
organization in mind.
Policy should be a driving force behind individual action; unfortunately, many
employees remain unaware that policies exist or of the details of their contents.
Policy creation must go hand-in-hand with policy dissemination, often in the form
of an awareness program.
8.6.1.4  Policy Examples: E-Mail and Internet Appropriate Use
The business drivers include optimizing productivity by minimizing time-wasting
activity such as searching the Internet for personal reasons. Another goal of
appropriate use is to avoid liability claims and litigation costs arising from
offensive material disseminated through organizational equipment. The IA architect
must balance this Big Brother perspective against employee empowerment and against
creating an oppressive workplace atmosphere.
Appropriate use policies for e-mail and the Internet are two instances of a
broader concern: appropriate use of electronic communication media. Although
e-mail and Internet figure prominently as the two most widely used electronic media,
an IA architecture requires a more comprehensive approach. An effective IA
architecture provides for appropriate use of at least:
- E-mail
- Internet/WWW
- Intranet