13. Virtual Private Networks (VPN) Flashcards

(2 cards)

1
Q

Who should be involved in making or writing a security policy, according to the sources?

A

According to the sources, the following individuals or groups should be involved in writing a security policy:
* Site security manager
* IT technical staff
* User representatives
* Security incident response team
* Responsible management
* Legal counsel

2
Q

Why is it important to involve multiple stakeholders in creating a security policy? Briefly explain the role or perspective of some of these individuals/groups.

A

Involving various stakeholders is crucial for creating a comprehensive, practical, and enforceable security policy.
* Site security manager / Responsible management: They help define how secure the organisation aims to be, what threats are relevant, the balance between risk, convenience, and cost, and ensure the policy aligns with business objectives. They are responsible for the overall framework and ensuring the policy can be enforced with sanctions.
* IT technical staff: They understand the technical aspects, system administration procedures, and security tools. Their involvement ensures the policy has a viable implementation and can be technically enforced.
* User representatives: Policies must be acceptable to the users. User representatives provide the perspective of those who must abide by the rules, ensuring the policy is practical and convenient for the end-users. They also help define their obligations for protecting assets.
* Security incident response team: Their experience with past incidents helps identify relevant threats and what resources need protection.
* Legal counsel: Ensures the policy complies with relevant laws and addresses legal implications, including what happens if the system is compromised and supporting legal action.
