Let’s talk about information security policy frameworks!! Hmm, did the room just clear?
I don’t know a lot of people that get excited about policies, other than perhaps the people who write them. I take that back. We have some folks on our team that get very excited about policies.
PCI DSS Requirement 12 states: “Maintain a policy that addresses information security for employees and contractors.”
A complete policy development effort should include policies, standards, and procedures. Halock’s Security Policy Framework includes:
Information Security Policy
Mobile and Telecommuting
Visitor Acceptable Use
Cardholder Data Protection
Anti-Virus and Anti-malicious
Activity Logging and Monitoring
Data Retention and Disposal
Technical Vulnerability Management
Information Backup and Restore
Firewall and Router Configuration
Incident Response Reporting
Authentication and Authorization
Secure System Management
Secure Application Management
The framework is offered in various sizes: base, custom, custom plus. Pricing varies based upon the size.
Aren’t you glad we’ve got people who do get excited about policies? Would you really want to sit down and create all of the above from scratch?
Once you’ve got the policies/standards/procedures out of the way, then it’s time to get on to the fun stuff! All the tools and gadgets and monitoring that enforce all those policies!
Sr. Account Executive