IT Policy

“IT policy is an administrative and operational procedures allowing and facilitating the disciplined and systematic implementation of sound and safe IT in support of organizational goals and business processes”. (Halstead-Nussloch)

Framework

NIST Cybersecurity Framework: This framework provides a computer security policy framework to guide how organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks. (NIST, Wikipedia)

Created through collaboration between industry and government, the voluntary Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk. (New to Framework)

Relationship with IT policy: If an organization adopts the NIST Cybersecurity Framework as its strategy, the Framework becomes an integral part of its information technology, which means IT has to implement it and align it with IT policy.


Resources:

Example IT Policies, IT Policy Templates and IT Policy Setting Advice

  • SANS.org: Community Consensus Password Policy Template: https://www.sans.org/security-resources/policies/general/pdf/password-protection-policy
  • The Georgia Technology Authority’s (GTA) IT Enterprise Policies, Standards and Guidelines: https://gta-psg.georgia.gov/book-page/enterprise-policies-standards-and-guidelines The GTA sets policy, standards and guidelines for the state agencies’ IT organizations to follow. This site is a very informative web portal about IT policy within Georgia and is worth an hour or so of your time to