Information Security Policy Architecture Project

Download Free Information Security Policy Architecture Project

1. Selecting an information security policy architecture development/review team. The size of the team will vary depending on the organization size. A suggestion for the policy development team would be as follows:
a. Senior administrator (servers, network devices);
b. Management team member who will be assisting with enforcement;
c. Counsel team member;
d. Internal audit team member;
e. User community member (this person could be the policy interpreter before implementing into the enterprise);
f. Writer—a technical writer, if possible.

2. Reviewing the information security team’s reporting structure to ensure appropriate staffing for monitoring and appropriate level of authority for enforcement.
3. Deciding on the scope, mission, and objectives of the policy architecture.
4. Selecting a sample staff and support population for review and input before implementation.
5. Acquiring sign-off from the executive management team, depending on the level of document being implemented.
6. Implementing the information security policy architecture and setting up user awareness sessions.
7. Documenting the review and maintenance process of the information security policy architecture.

The development and implementation time for an information security policy architecture will depend on the scope of the information security policy architecture, the size of the organization, and the priority of this initiative for the executive management team.