Reporting of Security Problems

Enforcement of these policies should be everyone’s responsibility, not just the administrator’s. Earlier policies have provisions for users to assist in their enforcement, but none define the full impact of that reporting. Writing the policies for reporting is like all the other policies in this chapter—they are highly dependent on the environment and legal requirements for enforcing the policies.

Handling of Information Security Incident Reporting

Incident reports can come from a number of sources. Administrators can find security problems, and policies can be in place for users to report violations. Incidents can be reported outside the organization through other administrations reporting problems that seem ...

Get Writing Information Security Policies now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.