esureity.com Welcome to eSureITy - Information Security Policy Development

 

home

Information Security Policy Development

eSureITy understands that the most important aspect of compliance attainment are the Policies, Procedures, Implementation and enforcement of sound security policies that govern the activities of your employees.  A key concept to consider when creating a policy is its ability to be implemented. In many cases we find and review policies that are well crafted, but are impossible to actually implement. Whether it is the lack of human, technical or financial resources, or the lack of enforcement criteria, many policies lack a “real world” approach to Information Security. A policy that is not implemented is not a working policy.

The categories covered by our standard assessment and reporting process include but are not limited to the following:

  • SECURITY POLICY
  • SECURITY ORGANIZATION
  • INFORMATION ASSET CLASSIFICATION AND CONTROL
  • PERSONNEL SECURITY
  • PHYSICAL AND ENVIRONMENTAL SECURITY
  • COMMUNICATIONS AND OPERATIONS MANAGEMENT
  • ACCESS CONTROL
  • SYSTEMS DEVELOPMENT AND MAINTENANCE
  • BUSINESS CONTINUITY MANAGEMENT
  • COMPLIANCE

We take a very comprehensive approach to Information Security Policy development. Legal, financial and operational commitments on the part of our customers demand that policies are developed and documented with an attention to detail that is commensurate with their compliance and regulatory requirements. To this end, eSureITy’s policy writing process is designed to allow for the proper management of enterprise security through sound policies that are comprehensive and effective.

Finally, our extensive experience in the penetration testing, compliance auditing, and enterprise risk management affords our technical writers and security policy assessors a truly unique perspective on the topic of enterprise information security policy. This benefits our customers immensely by utilizing our “lessons learned” to generate working documents that are well received by employees and auditors.

 

Learn More    |    Back to top