Archive for policy


Policy and Procedure

Each of the seventeen families of security controls found in 800-53 begins with a control that requires the development of policy and procedures for that specific family of controls. Here is an example from the PL family:
800-53 security control PL-1 SECURITY PLANNING POLICY AND PROCEDURES
Control:
The organization develops, disseminates, and periodically reviews/updates: (i) a formal, documented, [...]

Contingency Plan

Policy

Identify statutory or regulatory requirements
Create a policy statement
Get the policy statement approved
Publish the policy statement

Key elements of policy

Roles and responsibilities
Scope
Resources required
Training required
Testing and exercises schedule
Maintenance schedule
Backup and storage schedule

Business Impact Assessment (BIA)
The BIA is a critical piece of the CP that establishes requirements for the strategy and procedures in the rest of the CP.

Identify critical [...]

Google recon

Beyond simply reading a web page and extracting helpful information from it, Google can be used to find much more information that can aid an attacker.

Searching for target information - the attacker often begins by doing simple searches and building some kind of knowledge record or map of what they have learned. This [...]