Security Policy Framework

Security Policy Framework – HMG Information Assurance

The Security Policy Framework (SPF) was published late in 2008 and replaces The Manual of Protective Security. The SPF is mandatory for all Government Departments and Agencies. It also states that it "should also be extended, where necessary, to any organisations working on behalf of, or handling HMG assets, such as Non-Departmental Public Bodies (NDPBs), contractors, Emergency Services, devolved administrations, Local Authorities or any regular suppliers of goods and/or services."

The SPF is composed of four tiers; tiers 1 to 3 are publicly available and are often perceived as increasing in complexity and detail. These tiers are:
Tier 1: The Overarching Security Policy Statement.
Tier 2: The Five Core Security Principles.
Tier 3: The Seven Security Policies.

Automate Implementation of Security Controls

Tripwire helps Government bodies to affordably achieve Security Policy Framework compliance with a single integrated solution. The Tripwire® VIA suite combines the power of Tripwire® Log Center—log and SIEM—and the intelligence of Tripwire® Enterprise—FIM and configuration control. The Tripwire VIA suite delivers an automated solution designed to support monitoring, change detection, reporting and investigation in real time to provide assurance of compliance with IT security policies.

Tripwire VIA solutions allow organisations to:

  • Meet the requirements of SPF for HMG ICT systems utilising the recommended configuration controls and log requirements.
  • Monitor in real time and instantly detect any changes and events that may impact upon security.
  • Instantly alert on suspicious behaviour within the enterprise.
  • Remediate configurations; automate hardening of security controls.
  • Collect any readable audit, accounting or operational log and process it into a scalable flat-file-based forensic data store in accordance with the organisation’s Forensic Readiness Policy.
  • Conform with standards such as the GCSX requirements, Data Protection Act and Community Security Policy (CSP).

