Presentation is loading. Please wait.

Presentation is loading. Please wait.

Guidelines for building security policies. Building a successful set of security policies will ensure that your business stands the best possible chance.

Published byTokuma Olkeba Modified over 5 years ago

Similar presentations

Presentation on theme: "Guidelines for building security policies. Building a successful set of security policies will ensure that your business stands the best possible chance."— Presentation transcript:

1 Guidelines for building security policies

2 Building a successful set of security policies will ensure that your business stands the best possible chance of protecting company information, as well as safeguarding your customers, personnel, and reputation. The guidelines presented here will help you define the necessary components for building effective policies that meet the needs of your company. From the guidelines: You should approach a security policy as if it were an umbrella and make sure that it covers all aspects of information and/or systems usage. This can be as narrow or broad as your company operations. Start with software, then move onto hardware, and finally cover services or processes.

3 Gathering the details To construct your security umbrella, you’ll need to build a team of IT and non-IT staff to ensure cohesion and root out process-based areas with which IT may not be familiar. This team will determine the security policies that will be put in place. Include requirements such as HIPAA or Sarbanes-Oxley to ensure that your policies are built with these as a foundation for business operations. Start with the basic elements; accounts, passwords, workstations, and mobile devices. Work up to network hardware, then servers and applications. Account for existing software, hardware, and processes, as well as eventualities (security breaches, employee terminations, evaluating potential threats, etc.) From here you can build your policies working from the outside in; physical security, operating system security, application security, and so forth.

4 It’s also a good idea to conduct a risk analysis to identify potential areas of weakness, failure, or compromise in your environment. Group the results based on high, medium, and low risks. In similar fashion, you should next examine business services and categorize which ones are critical, important, or optional. For instance, email and remote access are likely critical and you should invest a lot of time and attention in securing these. Test systems may be important but merit less time, and fax machines or instant messaging might be low priority. Include what to do if a system or service fails or is breached. Can you bring up a spare or work with a vendor? Should you contact local law enforcement? Identify roles and responsibilities for security incident response.

Download ppt "Guidelines for building security policies. Building a successful set of security policies will ensure that your business stands the best possible chance."

Similar presentations

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Information Security considerations for Outsourced ICT Services

Information Security considerations for Outsourced ICT Services
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.

Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.
Computer Security Fundamentals

Computer Security Fundamentals
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.
ICT School Policies 6 th November 2014. Suggested Policies for Schools Not always a requirement, but useful to cover you, your school and the students.

ICT School Policies 6 th November Suggested Policies for Schools Not always a requirement, but useful to cover you, your school and the students.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Introduction to Network Defense

Introduction to Network Defense
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Similar presentations

Ads by Google