Policies form the foundation of any information security program and having strong data security policies is a critical component of your efforts to protect information. In this video, you’ll learn about the role that data security policies play in an organization and how to create appropriate security policies, particularly around data storage, transmission, retention, wiping, and disposal.
- [Instructor] Policies form the foundation…of any information security program,…and having strong data security policies…is a critical component of your efforts…to protect information.…Data security policies and procedures…place several important roles in an organization.…No matter what specific issue a policy or procedure covers,…it should meet sever key criteria.…Policies provide the foundational authority…for data security efforts.…Adding legitimacy to your work…and providing a hammer, if needed, to insure compliance.…
They also offer clear expectations for everyone…involved in data security,…by explaining what data must be protected,…and the controls that should be used to protect that data.…They provide guidance on the appropriate paths…to follow when requesting access to data…for business purposes,…and they offer an exception process…for formally requesting policy exceptions…when necessary to meet business requirements.…Let's take a look at a few of the key issues…that your data security policies should cover.…
Members who take all eight courses in the series will be prepared to take and pass the CISSP exam. Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage