Although an organization's information assets are specific to business functions and strategies, they may be contained within broad categories such as those that need contractual and legislative compliance, explicit access controls, virus prevention, critical to business, or varying levels of sensitivity.
Security Policy & Procedures service provides an investigation of your requirements for information security, associated priorities, and business objectives to create a custom security policy to clearly demonstrate management's commitment to an enterprise security program to employees, customers, partners, and shareholders. Security consultants team with your staff to develop a detailed work plan and meet on an ongoing basis to help ensure all work is performed to your satisfaction. To ensure the policy meets business needs, security consultants draw from past experience and best practices selected from industry standards for commercial environments in areas such as organization, personnel, physical controls, asset clarification and control, and network and computer management.
Security Policy & Procedures service, in which a consultant will interview key business and IT managers to develop a corporate security policy that will contain, at a minimum:
- Definition of information security with a clear statement of management's intentions and expectations of security processes
- Explanation of security requirements, including:
- Compliance with legislative and contractual requirements
- Security education, virus prevention and detection, and business continuity planning
- Incident response requirements and processes
- Acceptable uses and management procedures
- Description of security program participant roles and responsibilities
- Process for maintaining the policy document and established security programs
Authentication and data encryption or point-to-point communication will be implemented for all systems that send or receive sensitive data or when it is critical that both parties know with whom they are communicating. The decision of whether to encrypt data should be made by the professional system administrator responsible for the particular application being distributed, with the knowledge of the appropriate dean, director, or department head.................
