Threats occurring on organization’s assets are experienced daily due to change and improvement of technologies that are developed frequently. This paper will review an article on Building and Implementing a Successful Information Security Policy written by Danchev. The article was written to IT administrators to help them have understanding of how security policies should be implemented the document to be reviewed had the main aim of acting as a guide for the reader in matters of security, and also to give some benchmarks on how to implement security policies. The article has several aspects on information security such as assets to protect, threats to consider, factors to consider in developing security policy, and security threats management.
This article is of high quality for it provides various threats to be considered before developing a policy and discusses management of threats. Before developing the policy, the article first identifies assets that are useful in an organization which the author refers to as risk analysis. It is vital to identify what you are protecting in category of software, hardware, personnel. Also, identifies threats that occur in the specified assets which include physical threats and mostly internet threats. These two aspects are of great importance before one considers developing an information security policy.
On factors to consider when developing the policy, discussed several factors such as ensuring responsibilities of each staff member is outlined, defining clearly the purpose of the security policy, describe each asset, clearly state how Information Security Office (ISO) can be contacted, and lastly; after developing one ensure that you monitor and update your security policy. This aspect is very useful for it provides key things to look at when developing a policy.
On security threat management, best practices are discussed in align with the threats occurring in organizations’ assets. This article discusses clearly the best practices of each threat. There are hundreds of threats that do occur daily and thus need of security threat management.
This article is vital to IT administrators who have developed information security policies and also to those who have not. It gives advice on rebuilding security policy and thus valid even to date.
Danchev, D. (2003). Building and Implementing a Successiful Information Security Policy. Retrieved from http://www.windowsecurity.com/pages/security-policy.pdf