
Security Policies and Procedures

A security policy provides a framework for making specific decisions, such as which defense mechanisms to use and how to configure services, and is the basis for developing secure programming guidelines and procedures for users and system administrators to follow. Because a security policy is a long-term document, the contents avoid technology-specific issues. Factors that contribute to the success of a security policy include management commitment, technological support for enforcing the policy, effective dissemination of the policy, and the security awareness of all users. Security procedures are specific steps to follow that are based on the computer security policy. Procedures address such topics as retrieving programs from the network, connecting to the site's system from home or while traveling, using encryption, authentication for issuing accounts, configuration, and monitoring. Security policy and procedures are designed to protect against unauthorized access to systems and information assets.

 


The Payment Card Industry Data Security Standard (PCI DSS)
The Security Standard Council produced a set of comprehensive requirements for enhancing payment account data security. The council's mission is to produce standards that can be adopted globally to provide consistent data security measures. The standard is meant to help organizations take the initiative in implementing measures that ensure customer account data is not compromised.