Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12 701
EXERCISE 12.01
CREATING POLICIES
Use the following template to create one of the security policies
discussed in the previous sections. Instructions are provided as to what
information should appear in each of the sections included in a policy.
Scope: Subject:
Replaces: Effective Date: Re-evaluation Date:
Expiration Date: INDEFINITE Originator:
1.0 Preamble
1.1 This section explains the purpose of the policy, including
references to any existing statutes or legislation that may be related
to its creation.
2.0 Definitions
2.1 This section provides definitions of terms used in the document.
For example, brief explanations of equipment (such as firewalls)
or new teams created to deal with specific issues (such as an
Incident Response Team who will deal with security incidents).
3.0 Items Pertaining To This Policy
3.1 This section provides information on individual rules making up
the policy, information on related procedures, or references to
other policies and procedures related to this one.
4.0 Responsibilities
4.1 This section outlines who is responsible for carrying out this
policy, investigating violations, or fixing problems as they occur.
What everything means:
■ In the Scope section of the document, indicate whom the
policy applies to. This may be all employees of an organization
or a single department (such as the IT staff).
www.syngress.com