Consultancy
All industries have their own set of expert and their core competencies. Having said that, it is not feasible for the organization to have all the skill set readily available under one roof.
IT Security Policy and Procedures
Policies define how ITS will approach security, how employees (staff/faculty) and students are to approach security, and how certain situations will be handled. An IT Security Policy identifies the rules and procedures for all individuals accessing and using an organization’s IT assets and resources.
An Information Technology (IT) Security Policy identifies the rules and procedures for all individuals accessing and using an organization’s IT assets and resources. Effective IT Security Policy is a model of the organization’s culture, in which rules and procedures are driven from its employees’ approach to their information and work. Thus, an effective IT security policy is a unique document for each organization, cultivated from its people’s perspectives on risk tolerance, how they see and value their information, and the resulting availability that they maintain of that information. For this reason, many companies will find a boilerplate IT security policy inappropriate due to its lack of consideration for how the organization’s people actually use and share information among themselves and to the public.
The objectives of an IT security policy is the preservation of confidentiality, integrity, and availability of systems and information used by an organization’s members. These three principles compose the CIA triad:
-
Confidentiality involves the protection of assets from unauthorized entities
-
Integrity ensures the modification of assets is handled in a specified and authorized manner
-
Availability is a state of the system in which authorized users have continuous access to said assets
A mature security program will require the following policies and procedures:
-
Acceptable Use Policy (AUP)
-
Access Control Policy (ACP)
-
Change Management Policy
-
Information Security Policy
-
Incident Response (IR) Policy