Security Policy Development

Strong and relevant policies are the foundation for any organization. Detailed and practical instructions have to be put in place, but they also have to change as the organization changes. A corporation without practical and relevant policies is open to problems in the people, process and technology areas. Policies are the cornerstone of a dynamic security group and support users in dealing with the business risks they face. Employees need guidance to conduct business in a secure fashion.

Without effective operational security policies, procedures and practices, maintaining appropriate security is often elusive. The corporate architecture may allow operational security gaps to go undetected or unnoticed because of unclear responsibilities or a lack of clear standards. Policies are unique to your organization and can be tailored against industry best practices such as the ISO and COBIT standards.

Security Policy Solution

A complete set of security policies can be developed, covering infrastructure, third parties, asset classification, accountability, personnel security, physical and environmental security, communications security, operations security, user education and awareness, access control, system development life cycle, business continuity, disaster recovery and regulatory compliance.

We can develop policies tailored to your business and teach your staff how to maintain them appropriately. A Gap Analysis of current policies is conducted, your operating environment is analyzed and policies are then developed. We will require access to all relevant information security policies, standards, guidelines, and procedures. Policies and procedures to be analyzed and evaluated may include:

  • Disaster Recovery/Business Continuity Plan
  • Secure Code Development
  • Account Administration
  • Security and Control over Network Servers (web, databases, etc.)
  • Configuration and Control over Routers and Gateways
  • Firewall Administration Procedures
  • Monitoring and Review Procedures
  • Remote Access Policies
  • Intrusion Detection
  • Forensics
  • Database Security Procedures
  • Privacy
  • Data Classification Standards