Application Responsibilities
For the most part, data and process owners are not as technology savvy as their programmers or administrators. Even those who started their professional lives as “techies” now find themselves at the mercy of the applications they deploy to be reliable and work within the organization’s information security environment.
Internet policies for applications should be limited to securing data and file transfers as well as authentication of those transfers. Other aspects of application security should be left to other policy areas, such as the organization’s Software Development Policy for in-house–created programs (see Chapter 11, “Software Development Policies”). By keeping it simple, you can keep the focus on the ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
