https://github.com/jordanopensource/policies.ost.josa.ngo

Repository for the Digital Security Policies Toolkit for JOSA

# Overview

This framework guides your organization in agreeing on well-defined objectives for information strategy and security. It is a set of digital security policies that aims to help you improve your digital safety and resiliency, and to promote digital rights and privacy for all, in Jordan and around the globe.

Information security focuses on three main objectives:

- `Confidentiality` — considers proper authorization to access and use assets
- `Integrity` — considers data integrity and authenticity
- `Availability` — considers ease of access to information or systems when necessary

Below you will find a set of policies, grouped and categorized, that you may use as a basis for developing your own tailored set of policies.

A `Digital Security Policy` or `Policy` in this context identifies the rules and procedures for all individuals accessing and using an organization's IT assets and resources. Effective security is ensured by deploying and enforcing such policies in the workplace and for all employees.

Every `Policy` consists of four different sections:

- `Objectives` - what the policy aims to accomplish.
- `Scope` - to whom, to what, and when this policy applies.
- `Conditions` - list of goals needed to accomplish our desired aims.
- `Compliance Rules` - list of responsibilities for compliance and actions to be taken in the event of noncompliance.

> **Free use disclaimer**
> This policy was created by the [Jordan Open Source Association (JOSA)](https://josa.ngo) for the Internet community.
> All or parts of this framework can be freely used for your organization.
> There is no prior approval required.

?> **Looking to contribute?** Read the contribution guide.

---------------------------------------

# Revisions

| Revision | Description | Date | Tag |
| -------- | -------------------- | ---------- | --- |
| 1.11 | The initial revision | 07/03/2022 | TID |
| 1.22 | The initial revision | 20/04/2022 | TID |

---------------------------------------

# Notation

To better reference policy components in this toolkit, we use the following notation systems.

## Policies

Every `Policy` is denoted as `CXPY` where:

- `X` is a number which denotes the category of the digital policy
- `Y` is a number which denotes the policy in that category

## Conditions

Every `Condition` is denoted as `CXPY.CZ` where:

- `X` is a number which denotes the category of the digital policy
- `Y` is a number which denotes the policy in that category
- `Z` is a number which denotes the condition for that policy

## Compliance Rules

Every `Compliance Rule` is denoted as `CXPY.CRZ` where:

- `X` is a number which denotes the category of the digital policy
- `Y` is a number which denotes the policy in that category
- `Z` is a number which denotes the compliance rule for that policy

---------------------------------------

# Policy Categories

## [C1 - Behavioral Security](/categories/behavioral-security/)

- `C1P1` - [On-Boarding Policy](/categories/behavioral-security/C1P1.md)
- `C1P2` - [Off-Boarding Policy](/categories/behavioral-security/C1P1.md)
- `C1P3` - [Threat & Harassment Policy]()
- `C1P4` - [Social Engineering Awareness Policy]()
- `C1P5` - [Acceptable Use Policy]()

## [C2 - Physical Security](/categories/physical-security/)

- `C2P1` - [Travel Policy](/categories/physical-security/C2P1.md)
- `C2P2` - [BYOD Policy]()
- `C2P3` - [Clean Disk Policy]()
- `C2P4` - [Removable Media Policy]()

## [C3 - Account Security](/categories/account-security/)

- **Account Management**
  - `C3P1` - [Account Security Question Policy]()
  - `C3P2` - [Account Recovery Policy]()
  - `C3P3` - [Two-Factor Authentication Policy]()
- **Passwords**
  - `C3P4` - [Password Construction Policy]()
  - `C3P5` - [Password Recycling Policy]()
  - `C3P6` - [Password Managers Policy]()
- **Social Media**
  - `C3P7` - [Social Media Account Verification Policy]()
  - `C3P8` - [Social Media Authorities Policy]()

## [C4 - Software Security](categories/software-security/)

- `C4P1` - [Browsers Policy]()
- `C4P2` - [Antivirus Policy]()
- `C4P3` - [VPN Policy]()
- `C4P4` - [Software Installation Policy]()

## [C5 - Communication Security](categories/communication-security/)

- **General**
  - `C5P1` - [Secure Communication Policy]()
- **Email**
  - `C5P2` - [Email Policy]()
  - `C5P3` - [Email Retention Policy]()

## [C6 - Data Security](categories/data-security/)

- `C6P1` - [Data Accessibility Policy]()
- `C6P2` - [Database Access Policy]()
- `C6P3` - [Archiving Policy]()
- `C6P4` - [Data Retention Policy]()
- `C6P5` - [Disclosure Policy]()
- `C6P6` - [Information Logging Policy]()

## [C7 - Crises Operation](categories/crises-operation/)

- `C7P1` - [Remote Access Policy]()
- `C7P2` - [Disaster Recovery Policy]()
- `C7P3` - [Pandemic Response Planning Policy]()
- `C7P4` - [Risk Assessment Policy]()