Let’s talk about information security policy frameworks!! Hmm, did the room just clear?
I don’t know a lot of people that get excited about policies, other than perhaps the people who write them. I take that back. We have some folks on our team that get very excited about policies.
The PCI DSS Requirement 12 states: “Maintain a policy that addresses information security for employees and contractors.”
A complete policy development effort should include policies, standards, and procedures. HALOCK’s Security Policy Framework includes:
Policies
- Information Security Policy
- Mobile and Telecommuting
- Acceptable Use
- Password Usage
- Data Classification
- Visitor Acceptable Use
Standards
- Access Control
- Cardholder Data Protection
- Physical Security
- Anti-Virus and Anti-malicious
- Activity Logging and Monitoring
- Data Retention and Disposal
- Technical Vulnerability Management
- Information Backup and Restore
Procedures
- Firewall and Router Configuration
- Incident Response Reporting
- Authentication and Authorization
- Data Handling
- Secure System Management
- Secure Application Management
The framework is offered in various sizes: base, custom, custom plus. Pricing varies based upon the size.
Aren’t you glad we’ve got people who do get excited about policies? Would you really want to sit down and create all of the above from scratch?
Once you’ve got the policies/standards/procedures out of the way, then it’s time to get on to the fun stuff! All the tools, gadgets, and monitoring that enforce all those policies!
Nancy Sykora
Sr. Account Executive