Definition of IT Policy
What is IT Policy?
A set of protocols designed to guide an organization's decisions, achieve rational outcomes, and ensure compliance both inside and outside the organization. These policies are designed and implemented to help organizations meet their goals and objectives. An IT Policy sets rules or protocols intended to ensure compliance within and outside the organization and to guide technology users toward achieving those goals and objectives.
Guidelines
IT Policies serve as guidelines created by senior IT management to provide direction and support decision making for successful operations.
The IT Policy guidelines include: [4]
· Defining the scope of policy – describing the organizational departments affected by the policy and the actions it impacts.
· Identifying issues – policy makers engage with key stakeholders to discover all concerns and issues and to develop appropriate strategies to overcome them.
· Provide training – as organizational needs change, policies will change too. Related training should be provided accordingly.
· Maintain policy – the policy should include periodic reviews, feedback, and updates provided by affected parties.
· Define strategic communication – communication is a key component of success. Annual performance reviews are an example of a business process; policy must remain consistent and be applied across all communication channels.
Tools & Best Practices
IT Policy tools, techniques, and best practices include:
· NIST-CF - provides computer security guidance on how organizations can assess and improve their ability to detect, respond to, and prevent cyber-attacks. This framework offers specific cybersecurity guidelines to supplement, not replace, the standards currently available to organizations.
· FISMA-CF - The Federal Information Security Management Act, FISMA, is an extensive cybersecurity framework that protects the information and systems of the federal government, and of those who work on behalf of federal agencies, against cyber threats. This framework is aligned with NIST standards and requires agencies to maintain an inventory of their assets and to identify integrations between networks and systems. [5]
· COBIT - a framework that equips organizations with a process model to deliver value, practice better IT-related risk management, and guarantee the integrity of information systems. The main focus of the COBIT framework is to provide organizations with a process-based model covering the planning, acquisition, delivery, and monitoring of the business responsibilities associated with IT processes.