I.T. Security Policy
Many of our customers have to meet compliance standards. Whether your compliance needs relate to health care (HIPAA), the payment card industry (PCI) or others, solid security policies are a necessity.
Our internal practices and procedures have been optimized to gather the most significant policy attributes. Over the years we have compiled them into a set of policy standard templates that can be easily customized to meet your needs.
The policy standards we use are cross-referenced and mutually supportive, something that serious auditors will verify.
Policy Basics
If a sound IT security policy is necessary for compliance, we start with some basic information gathering that drives the rest of the policy. Mostly this first step consists of identifying key corporate personnel and assigning a set of “roles and responsibilities”. These “roles and responsibilities” are key to delivering a comprehensive and sound corporate security policy.
Policies
Once the roles and responsibilities have been identified, we continue with several very simple but important policies. These key policies increase security in any organization dramatically. These initial policies are typically the following:
Ethics Policy
Information Sensitivity Policy
Internet Usage Policy
E-mail Usage Policy
Password Policy
Physical Security Policy
Media Destruction Policy
Access Control Policy
Server Security Policy
Anti-Virus Policy
Router Security Policy
Once key policies are in place, we marry them to solid configuration standards that cross-reference the policies that drive the configuration parameters.
When implemented, this discipline can dramatically increase security and also significantly decrease downtime.
Compliance Approach
Through our vast security experience we have developed a unique approach to applying compliance and security policy to production networks.
We start with a sound policy, which drives solid, stable and secure configuration standards. Using these important building blocks, we implement the compliant systems. Once implemented, they are audited for compliance with security policy (a separate entity should be used for the auditing portion).
Once all systems are shown to be compliant, the secure systems are then put into production.
Production systems then impact how the policy should be changed. For example, a system may not be able to be secured in precisely the same way a policy dictates. When this occurs, exceptions are built into the policy that address the concern of business operations.
Existing Systems
Most systems have been built from the ground up without compliance in mind. Our systems engineers know precisely how to address these types of situations.
Where systems exist, a configuration assessment is performed against the desired policies that apply to their function. Once these are determined, a plan is constructed on how to address each compliance issue. Research is done, and where necessary, policy amendments are implemented.
Other Policies and Configuration Standards
In addition to the policies mentioned, we have created many others that are pertinent to today’s complex IT infrastructure. Here is a list of some of the other templates we can customize for your company:
Notebook Portable Computer Policy
Remote Access Policy
Employee Screening Policy
Software Development Policy
Change Control Policy and Procedures
Data Retention Policy
Patch Management Policy
Virtual Private Network Policy
Wireless Communication Policy
Incident Response Policy
External Repair Policy
Visitor Policy
Network Log Policy
We can also help identify key areas in your organization and write custom policies to meet your needs.
With the help of New Eve Technologies, Inc. policies, you can increase your security and pass your next audit.