|
|
| |
|
| |
|
|
Security Services: Security Policy Development A Security Policy crystallizes the business rules of the organization regarding allowing access to information and computer systems. It defines who is to be trusted with access, and to what degree. A properly drafted security policy serves two main purposes. First, it defines who within and outside your organization should have access to what resources, and how your organization's systems should and should not be used. This is largely business-level information, rather than technical, but serves as the foundation upon which technical configuration of your security systems should be based. This information needs to be communicated to employees and (as appropriate) partners, so that the Security Policy can serve as a basis for Human Resources to respond to inappropriate behavior, and take appropriate legal action if necessary. This document, therefore, crosses multiple areas within an organization and requires buy-in from upper management to be effective. Development of the policy is typically done in a workgroup format, with involvement from all appropriate departments and staff, and with support and involvement from upper management. The policy should be communicated to employees, and employees should sign off on having seen and had the opportunity to review it as part of their orientation and training. Management commitment and buy-in is critical for enforcement when it becomes necessary. Resources are available that can help you with development of a Security Policy at www.cert.org and www.sans.org, and there are several books on the subject, some of which have templates you can use. The books with templates typically cost between $500 and $2,000, and development of even a first draft of a Security Policy can easily be a 40-80 hour time commitment (or more, if done properly). QTS has developed its own master Security Policy template based on industry standards and QTS-identified best practices, and can help you develop a Security Policy customized to your organization. We offer our template along with a day of security consulting to help you define your organizational policy and get the process started, for a fixed fee, with additional consulting services available as needed. QTS can help you plan, build and manage a comprehensive security solution for your business. We utilize best of class products, and our staff's skill and experience is strong. Call us to discuss how we can help secure your network, and make it Worry-Free! |
|
This site last updated 09/13/04 |
|
