policy elaboration with mind map
policy as a global set of documents and measures to regulate organization
activities and ensure itsí safety. This set of documents has a complicated
structure and intercommunications between documents but it should be
integral and actual at every time line. Mind maps should be used to manage
this complication. And Mind Pad gives an opportunity to specify your map.
- Important notice:
Features and functions described on this page are for Mind Pad 2, the
version of Mind Pad was released as a new major
update (actually completely new project), so information on this page
will be relevant only to Mind Pad 2, which is available for download,
but is not supported.
of all, you should know that there are many different approaches to create
ISP. We will consider the most global variant when ISP describes all of
organization activity aspects connected with providing information security.
ISP will consist of 4 main parts: Common Regulations, Security Standards,
Organization Security and Emergency Plan.
Regulations devoted to defining such things as Security Targets, Law
References, Applying Borders and ISP structure.
Standards define Confidential Information Categorization, Statement
of Responsibility, Terms and Definitions, Order of Confidential
Information Using and so on.
Security is the main part and consist of 3 big and complicated chapters:
Application-Specific Procedures, Organizational Procedures and Security
Plan consist of emergency situations defining, priority placing, prior
measures, emergency arrangements and recovery plan.
documents in ISP have an addressing property. Some docs are common for
everyone, some should be
policy mind map
|Basic security tool
When designing security policy you will need to list security tools
that will make your company secure. Consider Shred Agent as a basic
tool for your security system. This is a file shredder that runs
in background and wipe sensitive files as you delete them.
get the best result you should use Mind
Pad enhancement. In our ISP structure we have common documents, which should
be available for all, for-user documents and administer documents. Users
donít have access to administer documents. Another division of documents
is regulations (with such properties as goal, access, borders and
subject), standards (application area, access) and instructions (access,
subject), and ISP PART (part name and description). So, we should create 4
new objects in Model Editor. Model Editor allows to create class of frame
objects with new properties. In simpler words it means that you can add more
properties to standard frames and use new frames on your work-space.
we will have such new frames:
For regulations we will specify such category property values as
application-specific procedure, organizational procedure and security
For access property we will specify such values as: common, user and
Now we can create a mind map of ISP in Mind Pad. Central topic is default
frame called ISP. Subtopics are ISP PARTS linked to ISP with names: Common
Regulations, Security Standards, Organization Security and Emergency Plan.
Each ISP PART connected with its regulations and standards and regulations
are connected with instructions. Access property specified for each frame.
That is the main scheme of ISP mind map.
As a tall structure it will looks like the map designed in Mind Pad (click
to see the picture).
course, it is just an example, and you should elaborate this model according
to your organization specific.
support ISP and keep it in an actual state we can link frames with concrete
document source, for example in Microsoft Word. So, now we have an ISP
specific workspace, we can see the whole structure of document set, we know
all access rights to each document and we can get each document directly
from the map using hyperlinks.
approach is very comfortable, because ISP may consist of about 100 different
documents and IT security specialist must keep all this with its complicity
and interconnections in his mind. For example, Organization Security->
Organizational Procedures branch may have such subtopics as Software
Installation Order, Physical Access
Order, Devices and Equipment Using Order, Access Regulation and so on.
Pad provides all needed instruments and opportunities to create complete
information security policy workspace. You also can use notes to mark
documents, for example, to specify its stage of development.
This is a sample
of security policy map created in Mind Pad.
Policy [11 KB]
- For creating security policy mind map purpose, you can purchase Mind
Pad with special pricing 49$. Purchase
Map as a text
We have generated a report for this map using Mind Pad. Here is the
||Information security policy
|Date to contact
||Security team leader
||Confidential Information Categorization
||Statement of Responsibility
||Terms and Definitions
||Order of Confidential Information Using
|Date to contact
||Software Installation Order
||Instruction (administrator) - Software Installation
||Instruction (user) - Software Using Rules
||Security Instruments Using
||Viruses Protection Order
||Organization of virus protection system
||Antivirus Software Using
|Date to contact
|Date to contact
Evaluate Mind Pad
You can download fully-function 30-days evaluation
version of Mind Pad: http://www.mind-pad.com/download.htm
Please, visit ordering
page for more information about pricing and ordering.
let us know what you think about this article: