Rafeeq Rehman

Information Security and Risk Management

PolicyDOC Version 2.3 is available

Posted by rr on November 26, 2009

Posted in Information Security Architecture

Policy Management: What are appropriate sections in a Policy Template

Posted by rr on November 26, 2009

When writing policies for an organization, it is a good practice to build a policy template that all policies follow. When doing research on essential sections in each policy, I came up with the following list.

  1. Scope
  2. Business Objectives
  3. Compliance Objectives, e.g. PCI, SOX, FISMA, etc.
  4. Policy Overview
  5. Policy sections and subsections (This is the main part for policy statements)
  6. Compliance to Policy
  7. Roles and Responsibilities
  8. References
  9. Revision History
  10. Definitions
  11. Appendices

With a defined template, it becomes much easier to create consistent policies across the organization. I shall be implementing this template in PolicyDOC (http://www.policydoc.com).

Posted in policy management

Version 1.3 of Policy, Procedure and Exception Management

Posted by rr on September 13, 2009

PolicyDOC version 1.3 is released. This has one major new feature for drag and drop. Previous versions showed all sections of all policies on the “Organize Sections” page. For customers who had a large number of policies, this created a usability issue. In this release, only the sections related to the currently selected policy are displayed on this page, which makes it very convenient to organize different sections within a policy using drag-and-drop functionality.

Posted in policy management

CISSP Book: Draft 40 published

Posted by rr on June 11, 2009

Today, draft 40 of the CISSP book is published. It is available for download at http://rafeeqrehman.files.wordpress.com/2009/06/cissp-book-40.pdf

Posted in CISSP Book

iPhone development – getting started

Posted by rr on May 31, 2009

http://developer.apple.com/iphone/

Posted in Information Security Architecture

iPhone Application Development

Posted by rr on May 31, 2009

Following is a good introductory video related to iPhone application development.

Posted in Information Security Architecture

Network Access Control Basics

Posted by rr on May 27, 2009

A good introductory video for NAC. It gives an overview for high-level managers. Click here to view.

Posted in Information Security Architecture

New Updates to Policy Management Software

Posted by rr on April 12, 2009

A number of updates were made to the Policy Management Software over the weekend. These include:

  1. Fixing permissions for user management.
  2. Fixed some issues with PDF file generation.
  3. Updated graphical report.

The updated exception report graph is shown below.

Exception report for Open Source Information Security Policy Management


Posted in policy management

Draft of policy exception graphic report

Posted by rr on March 22, 2009

The Policy and Exception Management Software enhancements are taking place now. Here is the first cut of the graph for policy exception reports. The graphs show good information about the current status of policy exceptions that are pending or approved.

Policy and Exception Management (POEM)


Posted in policy management

Signatures for Policy Exception

Posted by rr on March 16, 2009

Working on Policy and Exception Management software (POEM) version 2.0. Adding signatures using AJAX on the Policy Exception web page was a challenge for a few reasons. Just wanted to make sure that everything is done on a single form instead of creating a new form for signatures. It took some time to integrate add and delete functions to ensure the Exception form does not refresh. However, it is done now! I hope to get the beta version 2.0 ready within a week, with some good-looking graphs.

Posted in policy management