New policies and procedures (most likely enhancements to existing policies) highlight the new environment and present an opportunity to dust off and update old policies. Involve a broad group of customers and functional support areas in the update to these policies. The benefits are many. It exposes everyone to the issues surrounding the new technologies, the new security issues and challenges, and gains buy-in through the development and approval process from those who will have to comply when the policies are approved. It is also an excellent way to raise the awareness level and get attention to security up front.
The most successful corporate security policies and procedures address security at three levels: at the management level through high-level policies, at the functional level through security procedures and technical guidelines, and at the end-user level through user awareness and training guidelines. Consider the opportunity to create or update all three when implementing Internet, intranet, and WWW technologies.
Since these new technologies increase the level of risk and vulnerability to your corporate computing and network environment, security policies should probably be beefed up in the areas of audit and monitoring. This is particularly important because security and technical control mechanisms are not mature for the Internet and WWW, and therefore more manual processes need to be put in place and mandated to ensure the protection of information.
The distributed nature of the Internet, intranet, and WWW and their inherent security issues can be addressed at a more detailed level through an integrated set of policies, procedures, and technical guidelines. Because these policies and processes will be implemented by various functional support areas, there is a great need to obtain buy-in from these groups and ensure coordination and integration through all phases of the systems' life cycle. Individual and collective roles and responsibilities should be clearly delineated to include monitoring and enforcement.
Other areas to consider in the policy update include legal liabilities, risk to competition-sensitive information, employees' use of company time while “surfing” the Internet, use of company logos and trade names by employees using the Internet, defamation of character involving company employees, loss of trade secrets, loss of the competitive edge, ethical use of the Internet, etc.
DATA CLASSIFICATION SCHEME
A data classification scheme is important to both reflect existing categories of data and introduce any new categories of data needed to support the business use of the Internet, electronic commerce, and information sharing through new intranet and WWW technologies. The whole area of