Cybersecurity Policies and Procedures

An article written by trainee Leena AlJaawan from King Saud University about cybersecurity policies and procedures.


Acceptable Use Policy (AUP)
The AUP is a standard policy for new employees. It is a set of constraints and practices that an employee signs in order to use the organization's IT assets and get access to the network.

Access Control Policy (ACP)
The ACP defines the access employees have to an organization's data and information systems. It covers user access, network access controls, operating system software controls and the complexity of corporate passwords.

Change Management Policy
A process for making changes to IT, software development and security services/operations, intended to increase awareness and understanding of proposed changes across an organization.

Disaster Recovery Policy
It is developed as part of the business plan. The CISO and teams will manage an incident through the incident response policy. If the event has a business impact, the Business Continuity Plan will be activated.

Business Continuity Plan (BCP)
The BCP uses the disaster recovery plan to restore hardware, applications and data. BCPs are unique to each business because they describe how the organization will operate in an emergency.

Email/Communication Policy
A document that outlines how employees can use the business's electronic communication media, such as email. The goal is to provide guidelines to employees on acceptable and unacceptable use of any communication technology.

Information Security Policy
A high-level policy that can cover a large number of security controls. The primary information security policy is issued by the company to ensure that all employees who use information technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines.

Incident Response (IR) Policy
Covers the management of an incident and the remediation of its impact on operations. The goal of this policy is to describe the process of handling an incident with respect to limiting the damage to business operations and customers and reducing recovery time and costs.

Remote Access Policy
A document that outlines acceptable methods of remotely connecting to an organization's internal networks. This policy is a requirement for organizations that have dispersed networks with the ability to extend into insecure network locations.

Reference: https://bit.ly/2GD7HsT