PacketSource — Security White Papers
 
A A A
 

Defining Policies Using Meta Rules

Author: Dan McGinn-Combs Published May 2, 2011 from SANS

This paper seeks to initiate a discussion on how to design and implement security policies within a company. It first describes a methodology for developing security policies based on the concept of meta-rules, rules which define how to write rules. It then describes how to use measures to determine the effectiveness of the policies in a business context. Finally it shows the relationship between a measurement system and a systematic review of policy to verify and validate the meta-rules chosen as the basis for security policy.

Tags:

PDFRead the complete paper at SANS