PolicyDOC Version 2.3 is available

Policy Management: What are appropriate sections in a Policy Template

When writing policies for an organization, it is a good practice to build a policy template that all policies follow. When doing research on essential sections in each policy, I came up with the following list.

1. Scope
2. Business Objectives
3. Compliance Objectives, e.g. PCI, SOX, FISMA, etc.
4. Policy Overview
5. Policy sections and subsection (This is the main part for policy statements)
6. Compliance to Policy
7. Roles and Responsibilities
8. References
9. Revision History
10. Definitions
11. Appendices

With a defined template, it becomes much more easy to create consistent policies across the organization. I shall be implementing this template in PolicyDOC (http://www.policydoc.com)

 

Version 1.3 of Policy, Procedure and Exception Management

PolicyDOC version 1.3 is released. This has one major new feature for drag and drop. Previous versions showed all sections of all policies on the “Organize Sections” page. For customers who had a large number of policies, this created a usability issue. In this release, sections related to only currently selected policy are displayed on this page which makes it very convenient to organize different sections within a policy using drag-drop functionality.

CISSP Book: Draft 40 published

Today, draft 40 of CISSP book is published. This is available for download at http://rafeeqrehman.files.wordpress.com/2009/06/cissp-book-40.pdf

iPhone development – getting started

http://developer.apple.com/iphone/

iPhone Application Development

Following is a good introductory video related to iPhone application developmennt.

Network Access Control Basics

A good introductory video for NAC. Gives an overview for high level manager. Click Here to view.

New Updates to Policy Management Software

A number of updates are made for Policy Management Software over the weekend. These include:

1. Fixing permissions for user management.
2. Fixed some issues with PDF file generation.
3. Updated graphical report

Updated exception report graph is shown below.

Exception report for Open Source Information Security Policy Management

Draft of policy exception graphic report

The Policy and Exception Management Software enhancements are taking place now. Here is the first cut for graph for policy exception reports. The graphs show good information about the current status of policy exceptions that are pending or approved.

Policy and Exception Management (POEM)

Signatures for Policy Exception

Working on Policy and Exception Management software (POEM) version 2.0. Adding signatures using AJAX on Policy Exception web page was a challenge for few reasons. Just wanted to make sure that everything is done on a single form instead of creating a new form for signatures. It took some time to integrate add and delete functions to ensure the Exception form does not refresh. However it is done now! I hope to get the beta version 2.0 ready in a week timeframe with some good looking graphs.