Information Technology Services

213.414.6534

WE BELIEVE IN SERVING, RATHER THAN EARNING

Solutions & Services

A security policy is a statement of an organization’s security objectives. This is the most crucial element of a security program. Without security policies there are no effective security controls because there is no awareness of the internal practices and company assets you are attempting to control.

Security policies clarify the security goals of an organization in relation to its business processes, technical mechanisms and personnel behavior. A good security policy can help to ensure that systems are utilized in the intended manner; enable user understanding of their roles & responsibilities; and control legal liability.

Suggested Policies for Effective Security Programs

Many organizations are required to develop and maintain specific security policies and procedures. Most would benefit from implementing all, or a combination of, the security policies below.

Senior Management Statement of Security

This is a short but important policy. By establishing executive support, the statement systemizes an organization’s commitment to sound security practices.

Information Systems Security Policy

This is the high-level security policy that establishes security objectives and roles within the organization. This policy defines the security policies (i.e., confidentiality, integrity, availability) and supporting policies (identification & authentication, audit, accountability, non-repudiation), the classification of information, and the roles and responsibilities of those entrusted with establishing and enforcing the security policies (information owners, business owners, information custodians, users).

Acceptable Use Policy

An Acceptable Use Policy addresses employee use of the organization's resources for accessing the Internet; transmitting or receiving electronic mail; general use of the organization's software; and access to the organization's information systems. The absence of this policy leaves an organization open to employee abuse of organization resources, increased risk of security breaches due to a lack of security awareness, and litigation from employees, regulatory agencies, and parties damaged by a security breach.

Security Program Policy and Procedures

The Security Program Policy establishes the roles and responsibilities of the organization's security program (developing policies, security awareness, security review, security risk assessment, security coordination and promotion, security program updates, regulation compliance and tracking). The procedures are step by step instructions for how these responsibilities are to be performed.

System Development and Deployment Policy and Procedures

Every organization that produces its own software or internal controls absolutely requires this type of security policy. Although this policy is more concerned with quality control and change control, security plays a significant role. This policy covers the steps and approval process (requirements, design review, developmental system, change control, security approval, testing, approving authority, re-approval) required to develop a system and place it in production such that it will be entrusted with protecting sensitive information. The procedures are step by step instructions for how these responsibilities are to be performed.

Disaster Recovery and Business Continuity Policy and Procedures

The primary role of the executives of an organization is to ensure the strength of the organization and its on-going operations. Paramount to that responsibility is in-depth planning of how to handle emergencies and disasters. The Disaster Recovery and Business Continuity Plan policy establishes a Business Continuity Team, the roles and responsibilities of those involved in continuity planning, and the procedures for developing disaster recovery plans and business continuity plans. Note: This policy only establishes the roles and tasks; more work will be required to develop, test, and maintain an effective disaster recovery plan and business continuity procedures.

Security Operations Policy and Procedures

This policy covers the responsibilities of production staff (protecting information systems, backup, media access controls, emergency procedures, system hardening, password administration, emerging threat analysis, etc.). The procedures are step by step instructions for how these responsibilities are to be performed.

Security Monitoring Policy and Procedures

This policy establishes the roles and responsibilities of the personnel involved in planning, detecting, responding, and recovering from security incidents. The procedures are step by step instructions for how these responsibilities are to be performed.

Technology Partners
  • Blue Coat Systems
  • SONICWALL
  • GFI
  • Check Point
  • Lurhq
  • Netscreen
  • Tipping Point
  • Crossbeam Systems
  • Latis Networks
  • Enterasys
  • eiq Networks
© 2012 All rights reserved. Secure Coat®, Suite# 426, 4th Floor, Block-14, Mashrique Centre, Suleman Farsi Road, Gulshan-e-Iqbal, Karachi-75300