IT Security Policies are vital to the successful implementation of an IT security program in a large corporate environment. IT Security Policies must strike the appropriate balance between providing an adequate level of guidance and control and remaining enforceable and manageable within a corporate environment. Furthermore, in order to be widely accepted, it is important that an IT Security Policy not impinge on the ability of the organization to conduct its business.
Avaleris has developed a wide range of IT Security Policies, Standards and Procedures for companies across different industries. We’ve been involved in writing policies from the ground up and in revising existing IT security policies to maintain currency against new and evolving threats. Our identity management work has also allowed us to build our skills in the development of specialized and system-specific security policies and standards such as Certificate Policies and Certificate Practice Statements.
Our IT Security Policy service offerings include:
- IT Security Policy, Procedures and Standards Development
- Certificate Policies and Certificate Practice Statement Development
- System Hardening Standards and Guides
- Access Control Policies and Procedures
- Periodic Review, Updating and Optimization of IT Security Policies
Our methodology for developing security policies includes an initial Risk Assessment to identify the high-level threats that are applicable to an organization, followed by a gap analysis to determine the extent to which policies and procedures already exist. Our IT Security Policy development work leverages widely accepted industry standards such as ISO 17799, GMITS, and COBIT. Certificate Policies and Certificate Practice Statements are drafted in accordance with IETF RFC 2527.
The benefit of Avaleris’ approach is an IT Security Policy that is tailored to organizational business requirements, appropriate to common threats within a given industry, and balanced in accordance with the level of resources available to implement the policy within a given organization.