How well defined is your organization’s Network Security Policy?
Policy allows staff to understand the expectations of their employer and provides direction with regard to protecting their company, other employees, customers and data. Development of policy is a critical and often overlooked activity in security programs.
Many industries today are subject to federal, local or industry-specific laws and regulations as well as industry standards and best practices. These regulations will drive business and compliance operations for many organizations. The regulations are critical to the development of company policy.
Technical people love to deal with technology and many times skip the policy that should be driving the implementation of technology. Policies can exist on several levels in an organization; there are regulations, laws, corporate policies, division policies, local policies, issue-specific policies and procedures.
Policies and procedures need to be SMART (Specific, Measurable, Achievable, Reasonable, Time-Based). Policies address who, what and why; procedures address the how, where, and when.
Development of a network security policy will drive the business cases, outline what the organization needs to protect, and set a framework for implementing compensating controls. The success of a database security logging and monitoring program will depend on Setting Up a Database Security Logging and Monitoring Program and upon having goals and guidelines in place.
By first understanding business goals, laws, regulations, and resources that require protecting, an organization can create an effective policy and base business cases on all this information. This preliminary work is critical, but often skipped by many organizations.
Preparing the foundation will not guarantee success for an organization, but it will better prepare an organization for the work that will build a successful program.
We are a certified IBM partner and use only quality IBM products to build your IT infrastructure.