Page 718 - StudyBook.pdf
P. 718

702    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery


                         ■   In the Subject section of the document, enter the title of the
                             policy. This could be the name of any of the types of policies
                             discussed so far, such as the acceptable use policy or a varia-
                             tion that deals with a single issue, such as an Internet policy
                             that explains acceptable use of the Internet.

                         ■   If you were updating an existing policy, you would enter the
                             name of the policy in the Replaces section. Since you are cre-
                             ating a new policy, write NEW in this section of the docu-
                             ment.
                         ■   The Effective Date section states when the new policy comes
                             into effect. Until this date, there is either no policy in effect,
                             or you will follow any of the old policies this one replaces.

                         ■   The Re-evaluation section states when this policy will be
                             reevaluated to ensure it is up-to-date. Many organizations do
                             so on a yearly basis, to ensure that the policies are still appli-
                             cable, so enter a date that is one year from the date entered
                             as the Effective Date.

                         ■   The Expiration Date section is used for policies that have a
                             limited lifespan. For example, if you are creating a policy to
                             deal with heightened security measures following a terrorist
                             attack, the policy may only be in effect for a matter of
                             months. Generally, there is no set expiration date for policies,
                             so you would state that it is INDEFINITE.

                         ■   The Originator field is used to indicate who created the
                             policy. This can be the name of a person or department in the
                             organization. As you are the originator of this document,
                             write your name in this field.

                         ■   The Preamble section of the policy provides one or more
                             paragraphs outlining the reason for the policy. This explains
                             why the policy was created, what it hopes to accomplish, and
                             any other pertinent information (such as legislation) that
                             makes the policy necessary.
                         ■   The Definitions section is provided to explain terms that the
                             reader may be unfamiliar with. As you write your document,
                             you should add any such definitions to this section.

                         ■   The Items Pertaining to this Policy section is the bulk of the
                             policy, and will contain the rules, regulations, and any neces-




          www.syngress.com
   713   714   715   716   717   718   719   720   721   722   723