Questions? Call 1-877-749-9319 or Contact Us
Security Policies, Practices and Systems
When it comes to IT Security and managing vulnerability, it is important that organizations differentiate between policy and practice. C level executives and board members are responsible for setting policy. Working from a high level understanding of business objectives, constraints, and vulnerabilities, they define the overarching policy and desired outcomes for the business.
While this policy will dictate security practices, processes, and procedures, specific details of implementation, such as selection of tools and applications and detailed processes, should be left to individual business units and the IT department. This separation is essential for effective business function, otherwise a simple front line replacement of monitoring software could require an amendment to the company’s IT Security Policy.
- Some key security issues that our consultants can help you address include:
- Developing IT security policy
- Defining security processes and procedures
- Selecting appropriate security applications
- Authentication, authorization, and approvals planning
- Security conscious system configuration and administration
- Security awareness training
- Physical access
- Electronic access
- Internal threats
- Vulnerability testing
- Security training for C-level executives and board members
- Security training for IT staff
- Security training for business staff
