Welcome to part two in our sequence on the key elements of an information security policy.
In part one, we covered the first three elements, the purpose and scope, data classification, roles and responsibility.
Key elements four, five, and six, access control, risk management, physical and environmental security. I think it’s important to note that we’re just giving a brief description of the 12 key elements in each of these parts of the sequence.
We’ll go into greater detail in future segments, but we wanted you to have at least an overall understanding. So let’s get started covering key elements four, five, and six.
- Key element number four is access control, and this relates specifically to information systems and data and it provides the governance rules for granting, reviewing, and or revoking access to those two areas. It also includes the guidelines for user authentication and authorization.
- The fifth key element is risk management, and that can have or take on a much broader context in the overall organization, but specifically as it relates to your information security policy, it’s essentially identifying, assessing, and mitigating the risks to your information assets. This does include regular risk assessments and then updating the policy as needed.
- The sixth key element is physical and environmental security. And this relates to the measures you’ve taken to protect hardware and data within specific facilities, for instance, like your buildings or server rooms or areas where there’s sensitive data stored. We’ve now covered the first six key elements of an information security policy.
Part two here today, we covered four, five, and six, access control, risk management, physical and environmental security. I encourage you to go to huntleigh.com/video or huntleigh.com/blog to get a wealth of information on some of these topics, go into more detail.
Parts three and four, we’re going to cover the remaining six key elements. And then you can look forward to future segments where we dive in. We do a more deep dive into some of those details. So for now, I’ll look forward to seeing you soon.