IT Security Policy Development

At InfoSight, we'll help you determine the elements you need to consider when developing and maintaining an information security policy. We'll design a suite of information security policy documents to cover all information security bases, which can be targeted for specific audiences such as management, technical staff and end users.

An IT security policy should:

  1. Protect people and information
  2. Set the rules for expected behavior by users, system administrators, management, and security personnel
  3. Authorize security personnel to monitor, probe, and investigate
  4. Define and authorize the consequences of violations
  5. Define the company consensus baseline stance on security
  6. Help minimize risk
  7. Help track compliance with regulations and legislation
  8. Ensure the confidentiality, integrity and availability of the organization's data
  9. Provide a framework within which employees can work, serve as a reference for best practices, and help ensure users comply with legal requirements

IT Security Policy development is both the starting point and the touchstone for information security in any organization. Policies must be useable, workable and realistic while demonstrating compliance with regulatory mandates.

The Cyber Security Triad

The tension between demand for IT functionality/productivity and requirements for security is addressed through the IT security policy. The Cyber Security Triad pictured here represents:

  • the goals of cyber security
  • the means to achieve cyber security, and
  • the mechanisms by which cyber security goals are achieved

In general, cyber security refers to methods of using people, process, and technology to prevent, detect, and recover from damage to confidentiality, integrity and availability of information in cyberspace.

Contact us to ensure that your IT Security Policy documents are as efficient and useable as possible.