Information Security Program Guide

Your Information Security Policies and Procedures drive the security practices of your organizations critical business functions. These procedures will assist you in developing the best fitting security practices as it aligns to your organizations business operations across the enterprise!

Comprehensive Documentation

  • Information Security Policy
  • Departmental Information Security Procedures
  • IT Standard Configuration Guidelines

The Information Security Policy defines the boundaries for your organization and should have board level approval. These policies define how your organization wants to govern the business operations. For any policy the organization does not meet today, a corrective action plan should be developed defining milestones and completion time frames.

Departmental Procedures map to the organizations Information Security Policy and define what that means within the standard business operations for the departments (Business Units) covering your enterprise. If a policy can not be meet due to business requirements, document the exception and request approval if needed. 

Developing the IT Standard Configuration Guidelines document will set the baseline requirements for any new and existing assets, solutions, it infrastructure used by your organization. These configuration guidelines are broken into 5 categories and assist you in setting best practice guidelines for your organization.

  • Application
  • Database
  • Desktop
  • Network
  • Server