Let's start with the basics. What does the word sound mean? Merriam-Webster Dictionary defines the adjective (as it is used here) as: free from injury, flaw, defect, error, fallacy or decay. It can also mean solid, legally valid, logically valid, or even deep and undisturbed (Merriam-Webster, 2012). Most readers already knew that, but now let's pair it with the word policy, which is a set of guidelines for employees to follow (Whitman & Mattord, 2010).
Let's put these words together and come up with a meaning for a sound policy. A sound policy is a set of guidelines for employees to follow that is free of flaw, defect and error. What do you think of that? Pretty sweet explanation of a sound policy, huh! Well, how does one get a policy that is free of flaw, defect and error? The answer? Using a good security management model. A security management model provides commonly accepted information security principles that help a company develop a security blueprint (model) for its business. It also describes which principles a security team should integrate into its security process (Whitman & Mattord, 2010).
The National Institute of Standards and Technology and the International Organization for Standardization are the two major resources providing these types of models. The ISO's site can be located at http://praxiom.com/. NIST models can be found at http://csrc.nist.gov. I suggest that if you are planning on creating a security policy, you go to one of these sites and go through their models. Find the model that best suits your needs and follow it to a T. If you do, you will find that your end result will be a sound policy!
References:
Merriam-Webster. (2012). Definition of sound. Retrieved July 3, 2012 from http://www.merriam-webster.com/dictionary/sound
Whitman, M. & Mattord, H. (2010). Management of Information Security. Boston, MA: Course Technology, Cengage Learning.