Technology helps us solve problems, but it is vulnerable to several types of threats. Any loss or unavailability of information can be dangerous for both small and large companies, so information security is a basic investment.

But how do you decide which investments are necessary?

First of all, you must know the cost of your business’s downtime in order to protect it against failures.

Planning
A thorough investigation of your users’ internet access, together with your data security needs, will help you begin your security policy.

  1. What do you want to protect?
  2. What are the risks?
  3. What parts of your business are relevant?
  4. What do your users expect from their computers? What do they need for their jobs?


Defining

Now you can start writing your security policy. The best way to develop a policy is to work from an example policy. You can find several templates of security policies on the internet. You must define the mission of information security in your company: scope, responsibilities, enforcement, revision.

You need a Continuity Plan, which will involve many areas of your company, such as technology, electric power, engineering, staff planning, communication, etc. Your users must know the Security Policy, and they need to be trained constantly.
Processes must be reviewed on a regular basis to ensure that you have the latest and most up-to-date version of a solution.

Remember that threats and vulnerabilities are constantly evolving.

Implementing

So, you make business decisions and you know how important it is to protect your computer data. Security systems are the implementation of those decisions. A good security system starts with careful planning and an understanding of the company’s business, not with robust hardware and software.

Security policies are strategic documents that guide you on security. If you don’t understand your business needs, it will be difficult to implement and configure those security systems.

Remember that a firewall security policy cannot exist alone. It must be accompanied by support from your company’s board, a policy that establishes how to maintain physical security, staff training and awareness, and other specific security controls.

Using

A firewall stands between your protected network and the public internet. Its main function is to examine traffic coming from the public side to the private side, to make sure it conforms to your security policies before permitting that traffic to pass into your private network.

Two things you must think about when implementing firewalls:

1. Acquire the right firewall for your company

There are lots of firewalls on the market, but without a solid and trustworthy host, your firewall will be worthless.

2. Configure your firewall to meet your security policies

You could create rules that allow your users to access local web servers but prevent employees from accessing local systems such as financial, development and human resources.

When you define a strong security policy that balances your users’ needs with your business needs, you will be able to find the right combination of IT resources to implement it. Keep in mind that firewall rules come from your business needs.
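The rule set described under point 2, written as data and checked before deployment. This is an added example, not part of the original article: the address ranges, rule names, first-match evaluation and default-deny behaviour are all assumptions chosen for illustration. It shows how one broad allow rule placed too early silently cancels the deny rules the policy asked for.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination TCP port; None means any port

# Constructed addressing plan (an assumption, not from the article).
USERS, WEB = "10.0.10.0/24", "10.0.20.0/24"
FINANCE, DEV, HR = "10.0.30.0/24", "10.0.40.0/24", "10.0.50.0/24"

POLICY = [
    Rule("users-web-http", "allow", USERS, WEB, 80),
    Rule("users-web-https", "allow", USERS, WEB, 443),
    Rule("users-finance", "deny", USERS, FINANCE, None),
    Rule("users-dev", "deny", USERS, DEV, None),
    Rule("users-hr", "deny", USERS, HR, None),
]

# Same intent, but a broad allow was placed first: the deny rules never fire.
MISORDERED = [Rule("users-internal", "allow", USERS, "10.0.0.0/8", None)] + POLICY

def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.port in (None, inner.port))

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; unmatched traffic is denied by default."""
    probe = Rule("probe", "", f"{src_ip}/32", f"{dst_ip}/32", port)
    for rule in rules:
        if _covers(rule, probe):
            return rule.action, rule.name
    return "deny", "default-deny"

def conflicts(rules):
    """Rules that can never take effect because an earlier rule with the
    opposite action already covers all of their traffic."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.action != later.action and _covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found
```

Running `conflicts()` on a rule set before it is loaded gives a quick check that the order of the rules still matches the written policy.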

One Reply to “How to create a security policy”

  1. Good read but throw all that theory down the drain as 99.5% of intrusions come from within. The ‘Enemy Within’

    Been in the industry, and well, U get to know why.

    Rule #1 : Fix the users First!
