We handle incidents to ensure the security of the academic network.
To help the institutions connected to our network protect their information, we have developed a guide with recommendations for preparing an Information and Communication Security Policy (POSIC), containing good practices for drafting the document.
Why does my organization need a Policy?
The need to control and protect information has become critical for organizations, whether due to legal or business requirements, enabling them to maintain their full operation.
The need to implement the Security Policy in Federal Public Administration bodies and entities was established by the Presidency of the Republic in 2008, in Complementary Norm No. 03. To assess the level of maturity of these organizations in relation to the topic, every two years the Federal Court of Auditors (TCU) conducts a survey of IT Governance information.
In 2014, it was found that 50% of the surveyed bodies and entities did not have a formally defined POSIC. According to TCU, the lack of a POSIC is a worrying indication, since this guideline document is one of the first steps in building information security management.
How to draft a Security Policy?
First of all, good initial planning is needed. Some of the content that can be covered in the document:
- Use of institutional e-mail
- Information handling
- Access Controls
- Human Resources Security
- Security incident management
- Risk management, audit and compliance