Summary
This chapter discussed the need to understand exactly what is being protected. This understanding goes beyond the hardware and software that makes up the system but integrates the business process into the preparation process. Your ability to support your policy decisions will determine the success of the document.
Identify what is to be protected:
Hardware. CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, communication lines, terminal servers, and routers.
Software. Source programs, object programs, utilities, diagnostic programs, operating systems, and communication programs.
Data. During execution, stored online, archived offline, backups, audit logs, databases, or in transit over ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
