Information Security Policies

Information Security Policies


As organizations are adapting to new security measures, a revision of the internal IS security policies is necessary. The activities to undertake such an initiative can be summarized in 8 tasks as per table below.

1Review existing security policy and identify gapsEnsure if readability of the policy is adequate for all stakeholders.
2Research current methodologies and tools to implement an effective security policyReview updated encryption and password construction mechanisms. Reorganize the policy for improved readability and ensure that each policy has control mechanisms.
3Train internal team for readinessInclude security, disaster, data breach and drills in the relevant policies.
4Obtain necessary budgetary figuresBuild the necessary business case with associated risk for each budget line.
5Prepare the executive team for the changesObtain the necessary executive buy-in and sponsorship to implement the necessary changes.
6Set expectations Clearly explain what risks are being mitigated and the effort required.
7Set timelineSet reasonable timelines whilst avoiding unnecessary rush and pressure on the various teams.
8Prepare all organization for the changes aheadCommunicate, monitor and communicate again.
Activities to implement a revised IS security posture within the organization

The following handbook encompasses the most common security policies. Please reach out for a word document.