Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Corporate Policies, Processes and Procedures

The Internet Storm Center shares an excellent reminder of the need for companies to revisit their corporate policies to ensure they are up-to-date, relevant, and easy to understand.  This is just as important as technological defenses.  Both go hand-in-hand to protect the company.  Revisiting your security policies is an excellent way to start the new decade.

Users need security rules and boundaries, so that acceptable behavior and a reduction of risk occur in the workplace.  Yes, there will be some who march to the beat of a different drum and won't comply.  Still, companies need to work with their users to promote the best in privacy, security, and information protection.

I've enjoyed authoring these guidelines in the past.  Some ideas for success include:

* Design in positive terms (minimize the "Thou shall not" statements, e.g., instead of "do not visit inappropriate sites" state as "users must visit business appropriate sites").  This promotes better practices and eventual buy-in by the users.

* Use reasonable controls rather than absolute restrictions (e.g., avoid saying "absolutely no personal use of IT resources" unless that is the desired policy and will be followed by all).  Don't be too rigid or too lenient in the design; allow limited employee freedoms as long as there is a primary business use focus.

* Use simplified language to promote understanding by all (avoid legalese, highly technical terms, complex sentence structures, etc.)

* Monitor security policies and enforce them (educate first-time violators rather than making examples of them)

* Most importantly, publish them on your corporate Intranet, where they can be kept up-to-date easily and can be easily accessed by all

* Publish company-wide emails when policies change

* Ensure senior management, HR, and Legal Counsel provide input, approve, and back these important guidelines

Internet Storm Center - The necessary evils: Policies, Processes and Procedures
http://isc.sans.org/diary.html?storyid=8071

QUOTE: It is one that you can't afford to overlook.  I have found time and time again that having good policies, processes and procedures keep you out of trouble ... Whatever the case, having good policies, processes and procedures will only make you and your organization better.  So, since it's the beginning of a new year, take some time and update your policies and look at your processes and procedures.  Have they changed?  Do they need updating?  Are they even helpful?  Writing something for the sake of saying you have it is a waste of time.