
II. Organizational Policies & Procedures

Policies and procedures must be looped which reflects the significance of the information resource.

A. Scope Of Security Mechanisms

Security policies specify the rules that govern how information is to be protected; security mechanisms enforce these policies. Since a secure system is one that should be part of the total organization, the scope of the security mechanism may include all the administrative, procedural, physical, operational, and technical aspects of the organization.

B. Basic Goals

The basic goals of a secure system are:

  • Prevention includes those organizational, operational, and physical methods thought necessary to keep a system secure from both internal and external penetration;
  • Deterrence includes those policies, procedures, and actions designed to discourage penetration of the system;
  • Containment focuses on keeping sensitive data within the system;
  • Detection means to find the nature, existence, presence, or fact of the system penetration;
  • Recovery is the action necessary to restore a system’s computational capability and data files after a system failure or penetration. A disaster plan is part of recovery.

C. Written Management Policies & Procedures

Once sensitive data are identified, and policies and procedures for handling sensitive data have been established, these policies and procedures must be communicated to those who are affected. A variety of methods including training and a security manual may be used for communicating this information.