ECON 261 Study Guide - Midterm Guide: Cybercrime, Web Design, Log Analysis

In general, a security awareness program seeks to inform and focus an employee"s attention on issues related to security within the organization. A security training program is designed to teach people the skills to perform their is-related tasks more securely. An organizational security policy is a formal statement of the rules by which people that are given access to an organization"s technology and information assets must abide. Representatives of the user groups affected by the security policy responsible management . Iso 27002 is a comprehensive set of controls comprising best practices in information security. It is essentially an internationally recognized generic information security standard. 17. 6 what principles should be followed in designing personnel security policies: least privilege: give each person the minimum access necessary to do his or her job. This restricted access is both logical (access to accounts, networks, programs) and physical (access to computers, backup tapes, and other peripherals).