The recent Department of Trade and Industry survey (Information
Security Breaches Survey 2000) asserts: "The presence of a
formal policy is one of the most important issues in reporting
and resolving security breaches. Given the prominence of 'people
issues', ranging from user and operator error through to fraud,
typically being the cause of security breaches, the need for
implementing a framework for information security management
systems is stronger than ever before."

All organisations
will have an idea of how to keep their information systems
safe, but without an established and documented security policy,
it is hard to make sure your employees, contractors and suppliers
are not compromising your security. Also, with the growing
need to adhere to quality management standards, your organisation
will need to prove it is secure. Elefire will simplify this
daunting task with a complete service to help review, document
and implement an effective Security Policy.

The objective
of the Elefire Security Policy Documentation Service
is to work with your key IT and business personnel to document
and implement a Corporate Security Policy. The policy will
define the responsibility of each employee in ensuring common
best practice for information security is followed, thus removing
the chances of neglecting any aspect of security through
ill-defined roles. A Security Policy Document will also ensure
that all essential legislative requirements are adhered to.

Elefire
will deliver a Security Policy that will form the basis of
your organisation's Information Security Management System
(ISMS), providing management focus and commitment to a complete
security culture within your organisation. Convenient references
within the Policy document direct users and management to
relevant supporting documentation including Standards and
Procedures Documents.

Review
and evaluation of an organisation's Security Policy are paramount
to the ongoing effectiveness of the ISMS. The British Standards
Institution details the significance of an independent review
(BS7799/1999). They recommend that an organisation's security
policy "should be reviewed independently to provide assurance
that organisational practices properly reflect the policy,
and that it is feasible and effective." Elefire offer a Security
Policy Review Service to evaluate the cost and impact
of controls on business efficiency and assist in defining
benchmarks indicating how an organisation's security objectives
should be achieved, measured and reviewed.

The review
also analyses significant security incidents as well as new
vulnerabilities or changes to business or technical infrastructure
of your organisation. Modifications in Government legislation
affecting an organisation's responsibilities regarding their
ISMS are also addressed in this phase.

After
a Security Policy Review phase, Elefire will provide you with
an updated high-level corporate security policy reflecting
management focus and individual responsibility towards a complete
security culture within your organisation. Prioritisation
recommendations regarding the implementation of the Security
policies are provided based on cost and impact of controls
on business efficiency as well as industry benchmarks and
Government legislation.