An article written by trainee Leena AlJaawan from King Saud University about cybersecurity policies and procedures.
Cybersecurity Policies and Procedures
By Leena AlJaawan
Acceptable Use Policy (AUP)
The AUP is a standard policy for new employees. It is a set of constraints and practices that an employee signs in order to use
an organization's IT assets and get access to the network.
Access Control Policy (ACP)
The ACP governs an employee's access to an organization's data and information systems, along with user access, network access controls,
operating system software controls and the complexity of corporate passwords.
Change Management Policy
A process for making changes to IT, software development and security services/operations, meant to increase the awareness and
understanding of proposed changes across an organization.
Disaster Recovery Policy
It is developed as part of the business plan. The CISO and teams will manage an incident through the incident response policy.
If the event has a business impact, the Business Continuity Plan will be activated.
Business Continuity Plan (BCP)
The BCP uses the disaster recovery plan to restore hardware, applications and data. BCPs are unique to each business
because they describe how the organization will operate in an emergency.
It is a document that outlines how employees can use the business's electronic communication media, such as email. The goal is
to provide guidelines to employees on acceptable and unacceptable use of any communication technology.
Information Security Policy
It is a high-level policy that can cover a large number of security controls. The primary information security policy is
issued by the company to ensure that all employees who use information technology assets within the breadth of the
organization, or its networks, comply with its stated rules and guidelines.
Incident Response (IR) Policy
This policy covers the management of an incident and the remediation of its impact on operations. The goal of this policy is to describe the process of
handling an incident with respect to limiting the damage to business operations, customers and reducing recovery time
Remote Access Policy
It is a document which outlines acceptable methods of remotely connecting to an organization's internal networks. This
policy is a requirement for organizations that have dispersed networks with the ability to extend into insecure network