Transmittal Letter for DRAFT State Security Policy
The State of Alaska Security and Privacy Committee under the direction of TIC Policy has completed a first draft of the State of Alaska Computer Security Policy. This draft is being circulated electronically in the hopes of soliciting comments, changes, additions, deletions and the like from appropriate State of Alaska staff. While we have not anticipated every possible security issue we have attempted to develop a highly granular set of policies that will allow the state flexibility in modifying the policies. We have developed a rather innovative approach to a security policy. Rather than a generic document that mixes policy with guidelines and directives we have developed a database that allows users to home in on the specific policy that applies to their situation. Our hope is that by remaining granular in the policies, and providing a capability to search for a specific policy, users will be able to make better use of the overall policy.
We know and expect that there are some holes remaining in the policy list. We also expect that some policies may cause problems with how business is currently conducted by the State of Alaska. We do not expect that complete security will simply be turned on when this policy is officially adopted. Instead, we expect complete implementation to take some time, with some items being difficult, and potentially costly, to implement. We also expect that this list of policies will, and should, continue to evolve over time.
The Draft State of Alaska Computer Security Policy is in two parts and can be accessed by following the 'Next' link below. The first part is an introductory document that discusses the reasons for a security policy and provides definitions for categories, risk levels and user groups. The second part is made up of the granular policies themselves. The policies are stored in a database and accessed via a web interface. The current web interface is minimal and designed to give the user an idea of the direction the system is taking. The application will be improved prior to formal adoption. The intent is to have a web based application that all State workers can access and search for specific policies that relate to a specific category, such as Password policies for End Users of Medium Security systems. This has not been implemented yet. Our hope is to have this completed prior to official adoption by the State of Alaska.
Please note that this group of security policies is a DRAFT document and it understandably has some problems; to that end we welcome your feedback, suggestions and general opinions. Please direct your comments via e-mail to Marshal Kendziorek.