SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsInformation is often an organizations most valuable asset. As such, it is a high priority that information is secured with a high degree of confidentiality, integrity, and availability. One method of enhancing information security is through the creation of security policy. However, while policy works well at the global program level within an organization, how can it be used to fit the needs of individual the organizational units? The use of information amongst users and co-workers in these organizational units presents interesting challenges for policy which must be addressed in a unique way. This paper presents a set of guidelines which may be used in the creation of an Information Sharing Policy for small organizational units. To help facilitate these guidelines, a general overview of effective policy creation is presented. Following the step-by-step Information Sharing Policy guidelines, specific examples of the policy's use are set forth. Concluding remarks include information on increasing policy effectiveness and aware