The Goal of the Maintenance Phase in Security Policy Development

A.

"publication within the organization" is the goal of the Publication Phase "write a proposal to management that states the objectives of the policy" is part of Initial and Evaluation Phase "Present the document to an approving body" is part of Approval Phase.

F.

& KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 3, 2002, Auerbach Publications.

Also: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 286).

The Maintenance phase in the development process of a security policy aims to ensure that the policy remains relevant, effective, and up-to-date after it has been implemented. This phase is crucial for maintaining the integrity of the policy and ensuring that it continues to meet the security requirements of the organization.

A. Reviewing the document on the specified review date is one of the essential tasks during the Maintenance phase. This task involves examining the policy document to determine if any changes or updates are necessary. The review date may be set at regular intervals, such as every six months or annually, to ensure that the policy remains current.

B. Publication within the organization may occur during the Implementation phase rather than the Maintenance phase. The publication task aims to inform all relevant stakeholders about the new policy and ensure that they understand its requirements and their roles in its implementation.

C. Writing a proposal to management that states the objectives of the policy is not typically part of the Maintenance phase. This task is more likely to occur during the Development phase when the policy is being drafted.

D. Presenting the document to an approving body may occur during the Implementation or Development phase rather than the Maintenance phase. The approving body may be responsible for approving the policy document before it is implemented, rather than reviewing it after it has been in place.

In summary, the primary goal of the Maintenance phase in a common development process of a security policy is to review the policy document on the specified review date and make any necessary updates or changes to ensure that the policy remains relevant and effective.