Start with Security Policies

Policies represent the corporate philosophy of an organization. They provide staff the direction and support needed to perform their day-to-day duties. In the case of information security, an information security policy helps provide direction in accordance with business requirements, standards, laws, and regulations.

Policies should be established in line with business objectives. For example, management demonstrates support for and commitment to information security through the issuance and maintenance of an information security policy.

Leading organizations use an information security policy to define information security and establish the framework for setting control objectives within the organization. Security controls help protect the organization's sensitive information and intellectual property. Unfortunately, many businesses use an ad-hoc approach to securing information, installing firewalls, anti-virus software, and other controls without a top-down, planned approach to managing risks.

An Information Security Management System (ISMS) is a systematic approach to managing sensitive information so that it remains secure. An ISMS includes policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures used to protect and preserve information. It includes all of the elements that organizations use to manage and control their information security risks.

ISMS security controls include administrative, management, technical, and legal approaches to managing risks. Policies, procedures, programs, techniques, technologies, guidelines, and organizational structures help organizations comply with industry standards and requirements by addressing information confidentiality, integrity, and availability.

Security policies are essential to an effective security system and express management's direction and guidance for implementing, maintaining, and improving an ISMS. Security policies cover access controls, password management, patch management, system monitoring, business continuity, compliance, and many other areas.

Policies often consist of the following:

  • Policy – the rules and requirements for risk management and continuing business operations.
  • Standards – detailed networking and security technologies for protecting information systems.
  • Guidelines – system- or topic-related recommendations and best practices.
  • Procedures – details to implement standards and guidelines, guides for installing software, securing facilities, documenting security breaches, etc.

In some instances, policies can conflict with each other. In these circumstances, a steering committee can address policy conflicts and identify appropriate compromises and alternative solutions.

If your organization lacks policies, security policy templates provide a jump start and help you manage your risks.
