At the very heart of Information Security lay the principles of Authentication, Authorization and Accountability, also known as AAA. In plain language, these principles state that:
a. Every action of a system, application or person that may affect the security of an information asset (physical or electronically format) should be allowed only after formal requesting and granting of permission.
b. Every authorized action of a system, application or person, seemingly to bear relevance for the security of an information asset should be permitted through a set of access controls.
The purpose of this policy is to lay out the general rules that must be followed in designing and implementing company – wide managerial, operational and technical access controls, that prevent unauthorized access.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
4.1 [DEPARTMENT MANAGER(S)]
4.2 INFORMATION SECURITY TEAM/ OTHER ENTITY
4.4 [SENIOR DIRECTOR]
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The Clean Desk Procedure was developed by the Company in order to protect classified information, company's goods and employees’ personal goods, as well as to reduce the risk of fire, incidental floods or any other damaging events.