THE IT SECURITY PROFESSIONAL
Barlowtek
Helping Organizations Understand IT Security & Best Practices
Standards vs. Guidelines

When it comes to IT Security policies, all professionals know that policy is the foundation from which to secure the business. Whether the policies are created to be in line with a standard or a regulatory requirement, it is important that the company find the right level of compliance that fits its needs. This is where employing an experienced IT Security Professional pays off, since they can guide your organization through the perilous process of policy development.

Documenting Processes

When it comes to developing policies that help ensure the protection of the business, it is important to remember that you will want to document the current processes first. Whether or not these processes or guidelines are correct, the development of new policies should always start with understanding where you have come from. Here are some of the items to look at when starting the IT Security Policy development process:

Standards vs. Guidelines

When looking at standards or guidelines, it is important to remember that standards have been developed to meet a specific requirement, whether that requirement came from an industry or community need or from governmental oversight. Standards can be either prescriptive or suggestive, which leaves a lot of leeway for the business in how it is going to comply with the standard. Guidelines provide a broad-based approach to compliance and are usually developed by the industry for which they are created. This helps the business in the implementation process, since they have been developed for a specific niche within IT Security. In addition, guidelines are usually a halfway point between no requirements and full governmental regulation. The goal here is to assure the public that your company does business with that you are doing what it takes to protect their data. Compliance with a standard or guideline shows that someone outside your organization agrees with that assessment as well.

Required Standards

Many standards have been created over the years, and all of them help organizations become safer when it comes to IT Security. These have even been tailored to specific industries or to the types of information that may be encountered by businesses doing work in a particular field. Government and industry regulations have also come into being so that the need to protect sensitive information is not left to organizations to work out on their own. Some common standards are:

Communicating Compliance

One of the biggest reasons a company will choose to adhere to a compliance standard is that it is required by the particular industry they are in, or their customers are asking for it. Either way, it is imperative that a business communicate its compliance status when the time comes. This can happen with a press release or some other communication method, but the overall goal is to let the world know that your business has accomplished a HUGE goal by complying with an established standard. The company has invested time, energy, and resources in getting the certification, and it is important to get the most bang for the buck from it. For the IT Security Pro it can be a daunting task to accomplish, but giving management the keys they need to make things happen can be incredibly helpful in growing both the business and the customer base. You want this to pay off…

Sense of Security

Whether you like it or not, most customers who hear that you are certified in a specific area feel more secure using your business to do the work they need from you. Compliance has the ability to make sure that your business is doing all the right things. As the key person or team managing the compliance, the IT Security Pro needs to make sure that all their efforts are put into maintaining that compliance. It is sometimes difficult to obtain compliance, but it is more difficult to maintain it over a length of time (or, alternatively, to improve your business's security posture over time, which is a requirement of ISO 27001).

Summary

While IT Security Pros the world over put a lot of time and effort into obtaining and maintaining compliance with established standards, it is important to remember that there is a reason for doing so: to protect the company and the public from a potential attack or some other unidentified threat. All the time and energy it takes to obtain the certification goes into shoring up your business against attackers. No matter what standard your company chooses to comply with or is required to comply with, your efforts will be rewarded. Compliance standards have a way of walking the IT Security Team through all of the various systems within an organization and allow for a very detailed look at your company's IT Security posture. Standards look at your business as a whole, and can provide the company with a means to secure its business environment. How much is that worth to you?
IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.
Archives: January 2023