Saturday, May 23, 2020

Security Policies And Control And Password Management...

Security policies are rules and guidelines formulated by an organization to manage access to information systems and/or computer networks. Simply put, these policies exist to govern employees, business partners, and third-party contractors with access to company assets. Furthermore, some policies exist to comply with laws and regulatory requirements. These policies are part of the company information security management system (ISMS), and are usually administered to employees by Human Resources or distributed to business partners and contractors via the Technology department. In sum, security policies protect assets from the illegal or damaging actions of individuals. Of course, many security policies exist, but this review will focus on the …

These standards appear in the ISO/IEC 27000 series, the industry-recognized best practices for development and management of an ISMS (pg. 68 of CISSP). To clarify, the ISO 27002 Information Technology Security Techniques Code of Practice for Information Security Management module falls within the ISO 27000 Framework. Ultimately, HHI’s objective will be to comply with industry standards and governmental regulations by designing sound security policies using ISO 27000 standards. As has been mentioned in the previous section, the ISO/IEC developed the ISO 27000 framework, which includes the ISO 27002 standards (page 37). Furthermore, the ISO 27002 standards contain 12 domains; nevertheless, this review will focus on the Access Control domain to rewrite the new user and password requirement policies. Moreover, the Access Control domain has seven subdomains: Business Requirements for Access Control; User Access Management; User Responsibilities; Network Access Control; Operating System Access Control; Application and Information Access Control; Mobile Computing and Teleworking. Specifically, the Network Access Control subdomain delves into user access management and user responsibilities.
In summary, the ISO 27002 standards encompass 12 domains to “establish guidelines and principles for initiating, implementing, maintaining, and improving information security management within an organization
