Procedure Step: Security Policy
Audit Step:
To determine whether the agency has developed and communicated a comprehensive information security policy, or equivalent document, covering the application, as required by State Policy. This should include:
· A clear description of the agency's information security program, and policies and procedures that support it;
· Clearly defined responsibilities for all information security matters;
· An indication of specifically what resources are devoted to information security;
· A framework and continuing cycle of activities for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the agency's computer-related controls; and,
· A description of the lines of communication for information security related to the application.
Purpose:
To determine whether there is a clearly defined information security program at the agency over the application in question.

