Security Policy Framework Outline

Security Policy Framework Outline for the State of Maryland
AA CSIA 413
May 14, 2015

| Category/Enterprise Area | Commentaries |
| Security Assessment and Authorization | A.) Organizations will create an Authorization to Operate (ATO) document that authenticates security controls that are effectively implemented to safeguard confidential information (Department of Information Technology, 2013). |
| | B.) Upholders of confidential information must, through the completion of an authorization form, validate the completeness and propriety of the security controls used to safeguard it before initiating operations (Department of Information Technology, 2013). |
| Risk Management | A.) Helps organizations identify risk, assess risk, and take the necessary… |
| System and Information Integrity | A.) Information integrity security controls must be implemented for flaw remediation, information system monitoring, and information input restrictions and output handling and retention (Department of Information Technology, 2013). |
| | B.) Organization shall protect against malware by implementing anti-malware and anti-malware solutions that, to the necessary extent possible. Intrusion prevention/detection tools and techniques must be employed to monitor, detect, and identify events of unauthorized confidential information and information systems (Department of Information Technology, 2013). |
| Physical/Environmental | A.) “Organization has policies in place that dictate the physical access to information technology equipment, media storage areas, media storage devices, and infrastructure. This policy will prevent and control unauthorized use and access to state owned information systems” (Department of Information Technology, 2013).… |
Organizations must identify all personnel with information system security roles and responsibilities, and must be documented” (Department of Information Technology, 2013). |
| | B.) “Organization must determine the security category of an information system. This requires consideration of the sensitivity of the information resident on that system. Impact values assigned to the respective security objectives (confidentiality, integrity, availability) shall be considered at least ‘moderate’ if the information stored on them is considered ‘confidential’” (Department of Information Technology, 2013). |
| Incident Response | A.) Organizations must clearly communicate incidents and events (any observable occurrence in a network or system) throughout Maryland state government and supported agencies; it is essential for the agency incident response teams to adopt a universal set of terms and relationships between those terms (Department of Information Technology, 2013). |
