Information security policies – Whoo hoo! Pretty exciting stuff! But seriously, if we didn’t have policies, where would we be? Civilization as we know it would cease to exist! We all have policies that we adhere to – personally, professionally, morally.
The first step is to put an information security policy in place. The policy should be comprehensive without restricting the business. It should allow for easy management and changes as the company’s security processes mature.
Crafting a security policy from the ground up can be cost-prohibitive, and it does not ensure that the company is addressing every aspect of what a complete, tested policy should include.
HALOCK’s put together a policy development offering, which includes a framework of policies, standards, and procedures. Our governance team can guide you through the development and implementation process. The templates are customized according to your organization’s needs. Workshop(s) can be included to provide training to get you going. Below is an example of what’s included.
Policies
Information Security Policy
Mobile and Telecommuting
Acceptable Use
Password Usage
Data Classification
Visitor Acceptable Use
Standards
Access Control
Cardholder Data Protection (CDP)
Physical Security
Anti-Virus and Anti-malicious
Activity Logging and Monitoring
Data Retention and Disposal
Technical Vulnerability Management
Information Backup and Restore
Procedures
Firewall and Router Configuration
Incident Response Reporting
Authentication and Authorization
Data Handling
Secure System Management
Secure Application Management
Nancy Sykora
Sr. Account Executive