Security Policy Development

Policies

The information security policy is the single most important document in any information security management system.  It defines why and how an organization intends to secure its information systems.  PatchAdvisor can help develop and review information security policies and assist in justifying the need for an effective information security policy to senior management.

Standards

Standards define the principles and levels of security required to implement the information security policy within the organization.  They establish a series of criteria that must be met to implement an information security policy.  PatchAdvisor’s consultants can help develop technical and general standards that interpret information security policy objectives and define controls that manage the risks to the organization’s information systems.  PatchAdvisor can also help develop a standards framework to ensure an integrated approach that address all key policy and risk areas.

Procedures

Procedures are the most detailed documents in the information security management system.  They provide instructions for implementing standards and are often in the form of day-to-day working instructions.  PatchAdvisor can assist with the interpretation of standards into practical working procedures.

Maintenance

All information security control documents need to address the organization’s information security risk management requirements.  PatchAdvisor can review the organization’s policy, standards and procedures to ensure that they provide adequate levels of protection and reflect the industry’s best practice.  PatchAdvisor consultants can also make cost-effective and practical recommendations in those areas where improvements may be necessary.

Policy and Standards Reviews

In today’s technological environment, it is impossible for an organization to maintain security expertise in all technologies.  Further, the rapid evolution and deployment of technology-based business solutions quickly outgrow existing corporate policies and standards.  PatchAdvisor’s consultants can supplement internal resources with both compliance reviews to ensure conformance with prescribed standards, and effectiveness reviews to determine the continued validity of existing standards.