Institute for Advanced Professional Studies

Writing and Updating Security Policies

Security Policy:

Information systems security policies are well defined and documented sets of guidelines that describe how an organization manages, protects, and makes future decisions about its information and systems assets. The goals of security policies are to:

  • Identify the corporate information assets that are to be protected
  • Assess the effort appropriate to protect those assets
  • Ensure compliance with any governing statutes
  • Provide a framework for making future decisions consistent with the policy and corporate requirements

What's Needed?

A successful IT system security policy is one that is easily understandable, practical, enforceable and effective. Security policies cross all organizational and political boundaries. Effective policies are often best written, reviewed and/or updated by impartial third party computer security experts working closely with knowledgeable staff.

Our Services:

Take advantage of our expertise to achieve the full benefits from, and avoid the pitfalls of, security policy development and implementation. We use a straightforward yet effective methodology that has worked well for our clients. We assist clients to:

  • List and classify their computer and information assets
  • Analyze current and future risks
  • Evaluate the organization's culture and appetite for risk
  • Develop and implement policy (incrementally, with management and user buy in and acceptance along the way)
  • Create policy that accommodates future technology change and business growth
  • Establish compliance metrics
  • Implement effective enforcement strategies

Further Information:

We welcome your inquiries and the opportunity to discuss your organization's security policy consulting and training requirements. We look forward to hearing from you.

© Copyright 2002-2015 Institute for Advanced Professional Studies (IAPS)