policy elaboration with mind map
policy as a global set of documents and measures to regulate organization
activities and ensure its safety. This set of documents has a complicated
structure and intercommunications between documents but it should be
integral and actual at every time line. Mind maps should be used to manage
this complication. And Mind Pad gives an opportunity to specify your map.
of all, you should know that there are many different approaches to create
ISP. We will consider the most global variant when ISP describes all of
organization activity aspects connected with providing information security.
ISP will consist of 4 main parts: Common Regulations, Security Standards,
Organization Security and Emergency Plan.
Regulations devoted to defining such things as Security Targets, Law
References, Applying Borders and ISP structure.
Standards define Confidential Information Categorization, Statement
of Responsibility, Terms and Definitions, Order of Confidential
Information Using and so on.
Security is the main part and consist of 3 big and complicated chapters:
Application-Specific Procedures, Organizational Procedures and Security
Plan consist of emergency situations defining, priority placing, prior
measures, emergency arrangements and recovery plan.
documents in ISP have an addressing property. Some docs are common for
everyone, some should be
policy mind map
get the best result you should use Mind
Pad enhancement. In our ISP structure we have common documents, which should
be available for all, for-user documents and administer documents. Users
dont have access to administer documents. Another division of documents
is regulations (with such properties as goal, access, borders and
subject), standards (application area, access) and instructions (access,
subject), and ISP PART (part name and description). So, we should create 4
new objects in Model Editor. Model Editor allows to create class of frame
objects with new properties. In simpler words it means that you can add more
properties to standard frames and use new frames on your work-space.
we will have such new frames:
For regulations we will specify such category property values as
application-specific procedure, organizational procedure and security
For access property we will specify such values as: common, user and
Now we can create a mind map of ISP in Mind Pad. Central topic is default
frame called ISP. Subtopics are ISP PARTS linked to ISP with names: Common
Regulations, Security Standards, Organization Security and Emergency Plan.
Each ISP PART connected with its regulations and standards and regulations
are connected with instructions. Access property specified for each frame.
That is the main scheme of ISP mind map.
As a tall structure it will looks like this:
1.1. ISP PART - Common Regulations
1.1.1. Regulation (common) - Security Targets
1.1.2. Regulation (common) - Law References
1.1.3. Regulation (common) - Applying Borders, etc
1.2. ISP PART - Security Standards
1.2.1. Standard (common) - Confidential Information Categorization
1.2.2. Standard (common) Statement of Responsibility
1.2.3. Standard (common) - Terms and Definitions
1.2.4. Order of Confidential Information Using, etc
1.3. ISP PART - Organization Security
1.3.1. Application-Specific Procedures
1.3.2. Organizational Procedures
18.104.22.168. Regulation (common) - Software Installation Order
22.214.171.124.1. Instruction (administrator) Software Installation
126.96.36.199.2. Instruction (user) Software Using Rules
1.3.3. Security Instruments Using
188.8.131.52. Regulation (common) Viruses Protection Order
184.108.40.206.1. Instruction (administrator) Organization of virus protection system
220.127.116.11.2. Instruction (user) Antivirus Software Using
1.4. ISP PART - Emergency Plan, etc.
course, it is just an example, and you should elaborate this model according
to your organization specific.
support ISP and keep it in an actual state we can link frames with concrete
document source, for example in Microsoft Word. So, now we have an ISP
specific workspace, we can see the whole structure of document set, we know
all access rights to each document and we can get each document directly
from the map using hyperlinks.
approach is very comfortable, because ISP may consist of about 100 different
documents and IT security specialist must keep all this with its complicity
and interconnections in his mind. For example, Organization Security->
Organizational Procedures branch may have such subtopics as Software
Installation Order, Physical Access
Order, Devices and Equipment Using Order, Access Regulation and so on.
Pad provides all needed instruments and opportunities to create complete
information security policy workspace. You also can use notes to mark
documents, for example, to specify its stage of development.
Evaluate Mind Pad
Mind Pad is a concept mapping software. You can download fully-function 30-days evaluation
version of Mind Pad: http://www.mind-pad.com/download.htm
Please, visit ordering
page for more information about Mind Pad pricing.
let us know what you think about this article: