Adding value through actionable information security policy…
Security policies are binding rules under which an organization manages and recognizes risks. Policies address threats, engage employees, and outline rules on engagement and consequences.
Security attacks on organizations are increasing in number and sophistication. We must ensure that our systems can be protected against these threats. The first step in achieving this is to document the rules and guidelines on system management, operation and use. By complying with these rules and guidelines, organizations are doing their utmost to protect their systems and their
people from security threats.
The Infosec Governance Team designs policies for businesses of all sizes in any industry. With general knowledge of Information security, knowledge of compliance requirements and security frameworks, Infosec can provide policies that are relevant to both the culture of the company and the business outcomes.
In the context of the information security process, documented policies and procedures allow an organization to manage its corporate risk by carrying out defined controls, providing audit benchmarks and corrective actions. Without documented policies and procedures, each employee and contractor will act in accordance with their own perception of acceptable use and system management, and the response will be ad hoc and inconsistent. Staff will be unaware of whether they are acting within the risk tolerance of the organization.
Sample Policies that Infosec has developed:
- Change Management Policy
- Physical Security Policy
- Password Policy
- Third party Security Policy
- Backup and Recovery Policy
- Endpoint Protection Policy
- Security Awareness Policy
- Information Security Policy
- Cloud Security Policy
- Technology Acceptable Use Policy
- Incident Response Policy
- Access Control Policy
- Network Security Policy
- Data Retention Policy
- Data Classification Policy