Policy allows staff to understand the expectations of their employer and provides direction with regards to protecting their company, other employees, customers and data. Development of policy is a critical and often an overlooked activity in security programs.
Many industries today are subject to federal, local or industry specific laws and regulations as well as industry standards and best practices. These regulations will drive business and compliance operations for many organizations. The regulations are critical to the development of company policy.
Technical people love to deal with technology and many times skip the policy that should be driving the implementation of technology. Policies can exist on several levels in an organization; there are regulations, laws, corporate policies, division policies, local policies, issue-specific policies and procedures.
Policies and procedures need to be SMART (Specific, Measurable, Achievable, Reasonable, Time-Based). Policies address who, what and why, procedures address the how, where, and when.
Development of a policy will drive the business cases and outline what is the organization needs to protect and set a framework for implementing compensating controls. The success of a database security logging and monitoring program will depend on Setting Up a Database Security Logging and Monitoring Program and upon having goals and guidelines in place.
By first understanding business goals, laws, regulations, and resources that require protecting an organization can create an effective policy and base business cases on all this information. This preliminary work is critical, but often skipped by many organizations.
Preparing the foundation will not guarantee success for an organization, but it will better prepare an organization for the work that will build a successful program.
At Infinity Networks, we consult on and implement Network Security programs for a wide variety of verticals. We specialize in understanding your business and strive to give you the best protection possible by setting up your network security policies by following industry best practices and standardization compliance. We are a certified IBM partner and use only quality IBM product to build your IT infrastructure.
