Information Security
Policy
A well-conceived corporate security policy is the essential
foundation for information and network security. Any corporate security
policy should certainly include current technical standards and procedures
for the secure configuration of networks, systems, and applications - in
practice and in writing. But in order for it to be effective, a company
security policy must be regarded as a living business process consisting
of common sense, current technology and cultural indoctrination. It must
be enforceable. Once the policy is created, it is important to communicate
the policy and procedures to the end-user community, such as employees,
contractors, and business partners. End-user practices can be the weakest
link in a corporate security plan. Any investment in technology is easily
undone by a single incident of social engineering, a network password written
on a notepad in a cubicle, or a PDA left behind in a taxi. It is therefore
critical that, once deployed, security policies and procedures be maintained
by tracking and enforcing compliance on a regular basis - from both a technical
standards and an end-user standpoint.
Because we recognize that every corporate environment
is unique, our security policy and procedure service is customizable to
your business requirements; we can create, update or review any or all of
these security policies:
- Corporate security policy
- Access control
- Business continuity and disaster recovery
- Change management
- Confidentiality
- Document retention and destruction
- E-mail
- Incident response
- Internet use
- Passwords
- Physical access control
- Software licensing and use
- Standards compliance (GLBA, HIPAA, ISO 17799)
- Virus protection
- VPN use
- Wireless
- Additional security policies based on NIST and NSA guidelines