Why Does My Company Need Policies?
Security policies are an absolute must for any organization. They provide the virtual glue to hold it all together. Imagine a small city that did not have any rules? What would life be like? The same applies to your organization.
Who Should Be Concerned?
Basically, everyone should be concerned with security policies because everyone is affected by them to some extent. The system users are typically affected the most as they see the policies as a set of rules to regulate their behavior and make it more difficult for them to accomplish their job. The people who have to support the infrastructure are concerned since they are the ones who have to implement and comply by many of the policies. For example, a policy that requires all Solaris hosts to be installed according to a baseline security standard would require more work on the part of the system administrators, not only for the initial installation but also for the upkeep of the system.
Security Policy Development:
Axxera’s Security Professional Services performs the following services in connection with Security Policy Development:
- Evaluate Business Operations and Objectives
- Develop organizational infrastructure for support of policy deployment, enforcement and upkeep
- Review of current informal policies and procedures in place
- Rectify areas that lack policies
- Develop security policy framework
- Develop formal policy guidelines
- Train key personnel on policies
- Transition policy ownership to customer’s policy upkeep infrastructure