No amount of resources or funds can make up for a security system that has poorly defined or out-of-date policies and procedures.
Just as with any department in your organization, your security department needs clearly defined goals and objectives if it is to operate optimally, with the roles of every individual and group spelt out so that there is no room for misinterpretation. These are the functions of your Security Policy & Operating Procedures, both for Physical Security and Information Security. Security threats are not static though, and potential attackers are always developing new methods and tools to break through your defenses. It is imperative that after development and implementation, Security Policy and Operating Procedures be subject to regular expert review, to ensure that emerging threats can be dealt with. There is no room for complacency against a determined foe.
With our expertise and up-to-date knowledge of the threats and the solutions to them, Lorin’s consultants can aid in both the development of your organization’s Security Policy & Operating Procedures, and in the review of existing Policy & Procedures. These will ensure the optimal utilization of available resources and assets, and function to control legal liability.
- Statement of Security from Senior Management – this statement establishes organizational support and commitment to proper and effective security practices
- Physical Security Policy & Procedures
- Information Security Policy & Procedures
- Operational Procedures
- Acceptable Use Policy – defines the role in security played by all employees, defining what is acceptable behavior in the use of company facilities, lowering the risk security breaches caused by an employee’s abuse of company resources. This also potentially lowers the risk of litigation by employees, regulatory agencies or third parties adversely affected by such a breach
- Emergency Response Procedures
- Disaster Recovery Procedures
- Security Monitoring
Developing Security Policy & Procedures
- Collecting Raw Data – interviews with key personnel to determine requirements
- Draft of Policy & Procedures
- Final Implementation