Security Policy Review and Development
|
|
An information security policy is a document that states in writing how a company plans to
protect the company's physical and information technology (IT) assets. A security policy is
often considered to be a "living document", meaning that the document is never finished, but
is continuously updated as technology and employee requirements change.
A company's security policy may include an acceptable use policy, a description of how the
company plans to educate its employees about protecting the company's assets, an explanation
of how security measurements will be carried out and enforced, and a procedure for evaluating
the effectiveness of the security policy to ensure that necessary corrections will be made.
Each policy should have several associated standards that define what the acceptable level of
security is for a specific policy area. Standards may be technology or solution-specific, and
provide more measurable criteria for satisfying the high-level objectives defined in the policies.
Finally, procedures and guidelines describe how to implement the standard.
Service Description
Most businesses have some form of security policy. Today's regulated world is forcing businesses to formally
document and enforce security policies based on industry standards of best practice.
Netsecuris can assist in developing a new security policy and procedures or reviewing your existing policy and procedures to help your
organization reach its security goals. Netsecuris can assist by applying controls that meet a particular
industry standard (e.g., CobiT, PCI, ISO, HIPAA, GLBA, SOX). Netsecuris can provide the following:
- Review existing policies and procedures
- Compare existing policies and procedures with selected industry standards
- Suggest changes to existing policies and procedures
- Identify gaps in existing policies and procedures
- Develop new controls for inclusion in existing policies and procedures
|