Rafeeq Rehman

Information Security and Risk Management

Version 1.3 of Policy, Procedure and Exception Management

Posted by rr on September 13, 2009

PolicyDOC version 1.3 is released. It has one major new feature for drag and drop. Previous versions showed all sections of all policies on the “Organize Sections” page. For customers who had a large number of policies, this created a usability issue. In this release, only the sections related to the currently selected policy are displayed on this page, which makes it very convenient to organize different sections within a policy using drag-and-drop functionality.

Posted in policy management

CISSP Book: Draft 40 published

Posted by rr on June 11, 2009

Today, draft 40 of the CISSP book is published. It is available for download at http://rafeeqrehman.files.wordpress.com/2009/06/cissp-book-40.pdf

Posted in CISSP Book

iPhone development – getting started

Posted by rr on May 31, 2009

http://developer.apple.com/iphone/

Posted in Information Security Architecture

iPhone Application Development

Posted by rr on May 31, 2009

The following is a good introductory video related to iPhone application development.

Posted in Information Security Architecture

Network Access Control Basics

Posted by rr on May 27, 2009

A good introductory video for NAC. It gives an overview for high-level managers. Click Here to view.

Posted in Information Security Architecture

New Updates to Policy Management Software

Posted by rr on April 12, 2009

A number of updates were made to the Policy Management Software over the weekend. These include:

  1. Fixed permissions for user management.
  2. Fixed some issues with PDF file generation.
  3. Updated the graphical report.

The updated exception report graph is shown below.

Exception report for Open Source Information Security Policy Management

Posted in Uncategorized

Draft of policy exception graphic report

Posted by rr on March 22, 2009

The Policy and Exception Management Software enhancements are taking place now. Here is the first cut of the graph for policy exception reports. The graphs show good information about the current status of policy exceptions that are pending or approved.

Policy and Exception Management (POEM)

Posted in policy management

Signatures for Policy Exception

Posted by rr on March 16, 2009

Working on Policy and Exception Management software (POEM) version 2.0. Adding signatures using AJAX on the Policy Exception web page was a challenge for a few reasons. I just wanted to make sure that everything is done on a single form instead of creating a new form for signatures. It took some time to integrate the add and delete functions to ensure the Exception form does not refresh. However, it is done now! I hope to get the beta version 2.0 ready within a week with some good-looking graphs.

Posted in policy management

Information Security Policy and Policy Exception Management: Why it should be web-based

Posted by rr on March 13, 2009

Most companies manage policies using different types of documents (PDF, Word, etc.). There are a number of disadvantages to this approach, including the following:

  • The policy documents are difficult to manage and distribute to a large audience.
  • Most people don’t know where to go to get a policy document when they need it.
  • Policy documents quickly become out of sync when different revisions of policy are published.
  • When there are multiple policies published in the form of documents, it is difficult to search for some policy items in multiple documents.

On the other hand, if you use a web-based policy management system (e.g. http://www.conformix.com/POEM), you will be able to manage the policies in a much better way. This will allow you to:

  • Manage all corporate policies in one place, including information security policies, different IT policies and procedures, HR policies, financial and travel policies, and so on.
  • Have a workflow to approve these policies.
  • Keep the latest version of these policies always available online and in one place.
  • Use search functionality to find relevant policy sections quickly.
  • Submit policy exception requests and manage policy exceptions.

There are many other advantages as well which I will list in my next posts.

Posted in policy management

Security Policy and Exception Management Software Released

Posted by rr on March 8, 2009

Today I have released the first version of web-based policy management and policy exception management software. The main features of this software are listed below:

  1. Web-based software with no client requirements. The users need only a web browser.
  2. Centralized policy management for all corporate policies
  3. Policy exception management and PDF exception file generation.
  4. No software to install. The system comes as a VMware appliance with all software pre-built and configured. However, you can choose to install it on your server as well.
  5. Managing multiple policies
  6. Drag and drop functionality to re-arrange policy sections
  7. Printing policies in PDF format
  8. Online submission and processing of policy exception requests
  9. Role-based access
  10. Embedded HTML editor with commonly used editor functionality.
  11. Drill down feature to focus on a particular policy section while editing a policy
  12. Spell checking
  13. Search capability to look for policy sections related to a particular scenario

The main benefits of this software are:

  1. All policies are up-to-date all the time and accessible for users
  2. Exceptions to policies can be requested online
  3. Get notification for expired exceptions
  4. Provides web-based interface
  5. You can tweak a policy if the number of exceptions on a particular policy section exceeds a certain limit.
  6. No need to distribute updated policies to the whole audience, thus avoiding the out-of-sync problem related to policies.
  7. The audience has access to the most current policy all the time.

For more information, contact info@conformix.com. Here is a screenshot of the policy administrator interface.

Posted in policy management