Implementing Security Policies

Implementing security policies can be as easy or as hard as you want to make it.  Ignoring security or making it a lower priority can have terrible impacts.  And those impacts may not always be the result of a direct attack; perhaps you are one of those companies that become collateral damage in a larger breach.  How do you know how to respond?  How will you know what to do?

A security policy should address some key elements:

  1. What are the threats to your business?
  2. What are your vulnerabilities?
  3. Who is it applicable to?  The short answer is everyone.
  4. What do you want to address? Define the policy and the actions.
  5. What is the standard and your expectations?
  6. What do you do when an incident happens?  And when do you rehearse?
  7. How often will you review and update them?

This is the foundation, and it certainly can be more extensive.  At a minimum, it makes security part of your culture.  It makes you and your employees evaluate normal day-to-day business with a security eye and put security at the forefront of your day-to-day business operations.  In 2014, over 90% of security incidents were the result of human error according to IBM, and the number will likely be close to the same in 2015.  Setting up security policies and following up with training will set your business up to be an alert and aware organization.  And you will be better prepared.

