Updating of security procedures definition
This will also provide examples and resources to assist agencies in creating new operational security policies and procedures or aid with enhancing existing programs.
Introduction Integrating routine security activities into daily agency operations will help improve the security posture of the agency and assist with meeting compliance requirements at local, state, and Federal levels.
Most organisations opt to write the security policies themselves, using common sense and their own experiences as a guideline.
However, there are also software packages available from organisations, such as Pentasafe (recently acquired by Net IQ), that automate the ability to create these policies.
It is a fine balance that needs to be monitored closely and consistently, but often isn't.
The reason for today's renewed interest in security policy is the continued expansion outside the traditional boundaries of an organisation with partners and suppliers, as well as a closer tie-in to responses to business continuity should a disaster occur.
It will meet the common goal between agencies and the IRS to safeguard Federal tax information (FTI).
Who is responsible for securing an organization's information? By definition, security policy refers to clear, comprehensive, and well-defined plans, rules, and practices that regulate access to an organization's system and the information included in it.Current operational security procedures related to safeguarding FTI consists of the SAR process in which agencies provide updates to their safeguarding procedures on an annual basis.The computer security controls outlined in the current version of the IRS Publication 1075 direct agencies to several key areas which focus on operational security. Ultimately, it is not only individual employees or departments that are responsible for the security of confidential information, but also the institution itself.Good policy protects not only information and systems, but also individual employees and the organization as a whole.