Information security policies and procedures are the cornerstone of any information security program - and they are among the items that typically receive the greatest scrutiny from examiners and regulators.
But beyond satisfying examiners, clear and practical policies and procedures define an organization's expectations for security and how to meet those expectations. With a good set of policies and procedures, employees, customers, partners and vendors all know where you stand and where they fit in regarding information security.
The key to creating effective policies and procedures is to start with a solid risk assessment, and then follow a measured program that includes:
- Implementation
- Monitoring
- Testing
- Reporting
It's a daunting task to create effective policies and procedures, and it's ongoing work to monitor and maintain them. But in this age of endless information security threats, please remember: Policies and procedures aren't just a "nice to have" - they're a must.
Cursory, disconnected or poorly communicated security policies will fail and likely drag down the overall information security program with them.
Register for this webinar to learn:
- How to ensure your policies map to your own institution's risk profile;
- How to structure your policies and presentations to senior management and board members;
- The basics of information security policies and what they must cover.