Writing Security Policies Archives

security policy development, Writing Security Policies

Key Elements of Information Security Policies

Posted on August 26, 2022October 26, 2022 by David Lineman

What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must be followed by the organization. Example Policy: All Company X user accounts must be approves by a member of the information technology […]

Continue reading →

Regulatory Compliance, Writing Security Policies

The IRS Data Security Plan: FAQ

Posted on May 5, 2022June 2, 2022 by David Lineman

Any IRS provider can develop a Data Security Plan using a quality Template.

Continue reading →

security policy development, Writing Security Policies

SEC Affirms the Need for Custom Security Policies

Posted on May 17, 2016 by David Lineman

The Securities and Exchange Commission (SEC) has been increasing its focus on the cyber security program of registered firms. In a recent SEC action, the SEC has highlighted an important point: That firms must show that they have worked to customize information security policies to meet their specific needs. The Safeguards Rule (which the Commission […]

Continue reading →

security policy development, Writing Security Policies

The ROI of Pre-Written Information Security Policies

Posted on March 25, 2014March 28, 2022 by David Lineman

Often it is difficult to justify security policy development to management. In many cases, this is due to a lack of understanding on just how detailed and complex policy writing can be. "Just go find a template on the internet." For those of you who have tried this approach, you quickly discover that there is [...]

Continue reading →

security policy development, Writing Security Policies

How to Structure Information Security Policies

Posted on February 11, 2014 by David Lineman

We talk to customers every day about security policies. One of the most common questions we receive is this: How should we structure our information security policies? When we dig deeper, we usually find that this is a really a two-part question regarding policy structure. First, how should we name and organize our documents. Second, […]

Continue reading →

Writing Security Policies

One Security Policy Document Or A Series Of Documents?

Posted on July 19, 2011 by Charles Cresson Wood

Plan First: We all know that it’s advisable to create a plan before undertaking a large and complex project. For instance, most reasonable people would not consider building a modern residential house, with plumbing, heating, electrical, lighting, and communications systems, if they did not first have a clear and specific plan (aka blueprint). Of course, […]

Continue reading →

security policy development, Writing Security Policies

Levels Of Maturity In The Security Policy Development Process

Posted on January 17, 2011April 4, 2022 by Charles Cresson Wood

Litmus Test: One high-tech company that this author was working with recently was considering the acquisition of another high-tech company. In order to gauge the sophistication of the information security effort at the target company, top management at the acquiring company requested a copy of the information security policy. The policy document in that moment [...]

Continue reading →

Writing Security Policies

When & Why To Publicly Reveal Internal Security Policies

Posted on September 10, 2010October 5, 2022 by Charles Cresson Wood

Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is "for internal use only" or "restricted." There are many good reasons to refuse to release information security policies to outsiders. But the trend these days is towards greater transparency, greater accountability, and a more [...]

Continue reading →

Writing Security Policies

Implied Security Policies Create Added Risk

Posted on July 8, 2010 by David Lineman

The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace communications. However, the ruling should also serve as a wake-up call for organizations […]

Continue reading →

security policy ownership, Writing Security Policies

Effective Security Policy Management – Part 2

Posted on February 11, 2009 by David Lineman

Part 2 of 7: Seven Elements of an Effective Information Security Policy Management Program Effective Security Policies Part 2. Defined Policy Document Ownership Security Policies can be viewed as contract between senior management, employees and third-parties about the ways in which the organization will protect information. By definition, a contract is between parties, and in […]

Continue reading →

Login

Register