Layered Security: IT Policies, Standards and Guidelines
Last week we outlined the seven-layer approach to security recommended by Horn IT Solutions. Today, we’ll discuss the first layer in more detail. The foundation of any good security approach isn’t at the software or hardware level; rather, it is the IT policies and guidelines that govern every decision your organization makes about its security posture.
Strong IT policies, standards and guidelines meet three criteria:
- They define your cyber security stance, to yourself and your stakeholders.
- They set the standard your cyber security performance should be measured against.
- They align your business with standards recognized in your industry, such as ISO, NIST, ITAR, SANS Top 20 or any other industry standard.
Creating IT policies and guidelines that meet these criteria and are simple and executable can seem like a daunting task. It would be easy to skip this step and jump ahead to implementing security measures, but that would be a mistake. Without strong governing principles guiding your organization, even the slightest disruption in personnel, technology or innovation can be crippling.
Horn IT offers consulting services in which we work with your executive team and information technology personnel to create complete policy and procedure documents that will form the base of your layered security approach.
Working with a consultant from Horn IT Solutions is the first step to strengthening your data security. For a free consultation about what steps your business will need to take to protect your data, contact Horn at (888) 429-5177.