
Corporate IT Security Policy

Defining corporate security policies, basing them on industry standards, measuring compliance against them, and using outsourced services are the keys to successful policy management.

In today's high-tech and interconnected world, every corporation needs a well-thought-out security policy. Threats come both from within the walls of the enterprise and from external sources such as hackers, competitors and foreign governments. The goal of a corporate security policy is to define the procedures, guidelines and practices for configuring and managing security in your environment. By enforcing that policy, a corporation can reduce its risk and demonstrate due diligence to its customers and shareholders.

I. Why Have A Security Policy?

Information security is a business issue, not just a technology issue. The reason an organization protects information should be a sound business one. Corporate knowledge and data are arguably the most important assets of any organization, so corporations must ensure the confidentiality, integrity and availability of their data. These three security objectives answer the questions "Who sees the data?", "Has the data been corrupted?" and "Can I reach the server or the data when I need it?"

Corporate security policies provide several benefits. They provide a standard baseline of security policy modules and checks, derived from the organization's information security policies and standards. They establish a solid, scalable basis for an enterprise-wide product deployment such as ESM. Policies heighten the security awareness of company personnel. They also help organizations demonstrate their commitment to protecting their vital information assets.

Having a security policy that is easily measured and enforced is key.

II. Where To Start

The first step toward implementing information security is to formulate a security policy. Identify the key assets to secure, and who will be granted access to which assets. The role of the policy is to tell users what is allowed, and to guide administrators and managers in making choices about system configuration and use. This process will help you establish specific security goals and a plan to reach them. Before you can manage security you need a way to measure its effectiveness, and your corporate security policy provides the acceptable baseline standards against which compliance is measured.
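To make "a baseline against which compliance is measured" concrete, here is an added example (not RTE's code and not from any published standard) that expresses a small baseline as data, parses two constructed configuration fragments in the style of sshd_config and login.defs, and scores the host against each check. The check IDs, the thresholds, and the sample settings are all assumptions chosen for illustration; the point is that every policy statement becomes a check that returns pass or fail, and a missing setting counts as a finding rather than a pass.

```python
"""Baseline compliance check: an illustrative example, not RTE's tooling."""
import re
from typing import Dict, List, Tuple

# Constructed sample configuration fragments for a hypothetical host (not real data).
SAMPLE_CONFIGS = {
    "sshd_config": """\
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 3
""",
    "login.defs": """\
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
UMASK           027
""",
}

# The baseline as data. IDs, thresholds and rationales are assumptions for this example.
# "allowed" is a set of acceptable values; "min"/"max" bound an integer setting.
BASELINE = [
    {"id": "SSH-01", "file": "sshd_config", "key": "PermitRootLogin",
     "allowed": {"no", "prohibit-password"}, "rationale": "no direct root logins over SSH"},
    {"id": "SSH-02", "file": "sshd_config", "key": "PasswordAuthentication",
     "allowed": {"no"}, "rationale": "key-based authentication only"},
    {"id": "SSH-03", "file": "sshd_config", "key": "MaxAuthTries",
     "max": 4, "rationale": "limit guesses per connection"},
    {"id": "SSH-04", "file": "sshd_config", "key": "Protocol",
     "allowed": {"2"}, "rationale": "SSH protocol 2 only"},
    {"id": "SSH-05", "file": "sshd_config", "key": "ClientAliveInterval",
     "min": 1, "max": 900, "rationale": "idle sessions time out"},
    {"id": "PWD-01", "file": "login.defs", "key": "PASS_MAX_DAYS",
     "max": 90, "rationale": "passwords rotate at least every 90 days"},
    {"id": "PWD-02", "file": "login.defs", "key": "PASS_MIN_LEN",
     "min": 12, "rationale": "minimum password length"},
    {"id": "PWD-03", "file": "login.defs", "key": "UMASK",
     "allowed": {"027", "077"}, "rationale": "new files are not world-readable"},
]

_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s+(\S+)")


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'KEY value' lines; blank lines and '#' comments are ignored.
    The first occurrence of a key wins, which is how sshd treats repeated keywords."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if m and m.group(1) not in settings:
            settings[m.group(1)] = m.group(2)
    return settings


def evaluate(check: dict, settings: Dict[str, str]) -> Tuple[bool, str]:
    """Return (compliant, observed_value) for one check against parsed settings."""
    observed = settings.get(check["key"])
    if observed is None:
        return False, "<missing>"          # an absent setting is a finding, not a pass
    if "allowed" in check:
        return observed.lower() in check["allowed"], observed
    try:
        value = int(observed)
    except ValueError:
        return False, observed             # non-numeric where a number is required
    if "min" in check and value < check["min"]:
        return False, observed
    if "max" in check and value > check["max"]:
        return False, observed
    return True, observed


def run_baseline(configs: Dict[str, str], baseline: List[dict] = BASELINE) -> List[dict]:
    """Evaluate every check in the baseline against the supplied config texts."""
    parsed = {name: parse_config(text) for name, text in configs.items()}
    results = []
    for check in baseline:
        ok, observed = evaluate(check, parsed.get(check["file"], {}))
        results.append({"id": check["id"], "compliant": ok,
                        "observed": observed, "rationale": check["rationale"]})
    return results


def compliance_score(results: List[dict]) -> float:
    """Percentage of checks passed: the single figure a policy owner can track over time."""
    if not results:
        return 0.0
    return 100.0 * sum(r["compliant"] for r in results) / len(results)


if __name__ == "__main__":
    report = run_baseline(SAMPLE_CONFIGS)
    for r in report:
        status = "PASS" if r["compliant"] else "FAIL"
        print(f"{r['id']:7} {status}  observed={r['observed']:<10} ({r['rationale']})")
    print(f"compliance: {compliance_score(report):.1f}%")
```

Run as a script it prints one line per check and the overall score; against the constructed sample three of the eight checks pass. The baseline lives in data rather than in code, so the same runner can be pointed at a different standard's checks, and each check carries the rationale that an auditor will ask for.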

There is no need to start from scratch. Rather than analyzing every risk from first principles, look at what others are doing. Meet the standard of due care by adopting existing standards and industry "best practices", and pay attention to regulations and requirements from government, industry and partners.

Organizations must also maintain a "best practice" level of compliance in order to pass audits that are measured against those standards and regulations.

III. Standards And Regulations

A host of information security standards and government regulations have been published over the years, and they provide a solid foundation for a corporate security policy.

Regulations are developed by U.S. and foreign governments to address specific industries such as finance and health care. HIPAA defines security and privacy standards for the health care industry, and the Gramm-Leach-Bliley Act is legislation covering financial services in the United States.

The table below lists several standards and regulations that enterprise customers and government agencies are required to adhere to or are commonly measured against.

  Standard / Regulation            | Scope                                   | Source
  ---------------------------------|-----------------------------------------|------------------------------------------------------------
  ISO/IEC 17799                    | International baseline standard         | International Organization for Standardization, www.iso-17799.com (later renumbered ISO/IEC 27002)
  HIPAA                            | US health care regulation               | Health Insurance Portability and Accountability Act of 1996
  Gramm-Leach-Bliley Act (GLBA)    | US financial services law               | US legislation passed Nov. 1999
  SANS/FBI Top 20 List             | General security standard               | System Administration, Networking and Security (SANS) Institute / Federal Bureau of Investigation
  CVE                              | General security standard (vulnerability naming) | MITRE's Common Vulnerabilities and Exposures
  VISA                             | Banking standard                        | Visa International and Visa USA
  ISO/IEC 15408 (Common Criteria)  | International systems evaluation standard | Replaces the NSA's Red Book and Orange Book (TCSEC)

RTE has experienced consultants and trainers who work specifically on these types of training programs.
