Policies form the foundation of any information security program, and having strong data security policies is a critical component of your efforts to protect information. In this video, learn about the role that data security policies play in an organization, and how to create appropriate security policies, particularly around data storage, transmission, retention, wiping, and disposal.
- [Narrator] Policies form the foundation…of any information security program,…and having strong data security policies…is a critical component of your efforts…to protect information.…Data security policies and procedures…play several important roles in an organization.…No matter what specific issue a policy or procedure covers,…it should meet several key criteria.…Policies provide the foundational authority…for data security efforts,…adding legitimacy to your work…and providing hammer if needed to ensure compliance.…
They also offer clear expectations…to everyone involved in data security…by explaining what data must be protected…and the controls that should be used…to protect that data.…They provide guidance on the appropriate paths…to follow when requesting access to data…for business purposes,…and they offer an exception process…for formally requesting policy exceptions…when necessary to meet business requirements.…Let's take a look at a few of the key issues…that your data security policies should cover…following these principles that I just described.…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage