Policy Development

IT Security Policies are a critical component of the overall security of your environment. The policies you establish define how your employees are to interact with technology in a secure manner, and establish guidelines for acceptable use. Additionally, they provide guidance for the reporting of security-related incidents and reinforce the importance of data security for the entire organization.

The Walker Group can help you establish the IT Security Policies that make the most sense for your environment. We have an ever-expanding list of policy templates that you can purchase and modify yourself, or you can work with a Walker Security Engineer to tailor the policies to your specifications.

The current list of available policy templates includes:

Corporate Information Security Policy

This is the company’s overarching information security policy. That is, it defines the company’s commitment to providing and maintaining data security and sets the expectations for the employees to adhere to the same standards.

User Authentication & Password Policy

This policy dictates the organization’s requirement for authenticated access to network resources through standard security measures, including guidance for the creation of strong passwords. This policy ensures there are no systems on the network granting access to anonymous, guest or otherwise unauthenticated connections.

Network & Wireless Security Policy

This policy identifies the measures required to protect all data that traverses the network from unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse or theft. Examples of protection measures that may be included in this policy are firewalls, intrusion detection systems, wireless encryption, as well as other similar technologies.

Data Backup Policy

This policy dictates what data will be backed up, in general terms, and the storage requirements for backup media. This is not meant to be a detailed backup procedure that would identify exact data sets and backup schemes.

Sensitive Data Storage, Access & Authorization Policy

This policy identifies the individuals responsible for authorizing access to sensitive data and the process for requesting access. This policy also establishes the requirements for how sensitive data can be stored or transmitted – typically requiring encryption.

Remote Access Policy

This policy establishes the approved remote access solutions as well as the requirements for remote systems and users seeking to gain remote access to the network.

Server Security Policy

This policy dictates the protection measures required for all servers in the environment. This includes physical and logical security. Example items may include locked rooms, RAID arrays, power protection, audit logs, etc.

Workstation Security Policy

This policy dictates the protection measures required for all workstations in the environment. Example items may include password protected screen savers, software firewalls, virus protection, etc.

Anti-Virus, Anti-Malware Protection Policy

This policy identifies where protection measures are required and the general capabilities required of the solution(s).

Mobile Device Policy

This policy identifies security requirements for mobile devices, such as cell phones, tablets and laptops, that may store or access company data. Example items may include disk encryption, display locks and remote wipe capabilities.

Removable Media Security Policy

Removable Media Security Policy

Vulnerability Management Policy

This policy dictates that known vulnerabilities are to be identified and patched on a regular basis on pertinent systems.

Email Use Policy

This policy defines acceptable use of the company email system, establishes the company’s overall ownership of email that traverses the corporate email system and defines what type of data can or cannot be transmitted via email. This could potentially be rolled into a generic acceptable use policy, but there are typically enough parameters defined to warrant it being a separate policy.

Audit Logging Policy

This policy identifies the systems and the level of logging required. Example logging may be for successful or failed system or data access, remote access attempts, etc.

Email Retention Policy

This policy defines what information sent or received by email or instant messaging technologies should be retained and for how long.

Acceptable Use Policy

This policy establishes what the company defines as acceptable usage of the corporate information technology systems. This includes workstations, servers, internal network resources, wireless, etc.

Client Data Retention Policy

This policy identifies the type(s) of customer data and the period of time for which it may be retained.

Breach Notification Policy

This policy identifies the time frame and communication method by which the notification of a data breach will be disseminated to the affected parties.

Media Sanitization & Disposal Policy

This policy identifies the requirements and acceptable methods of removing company data from systems or devices prior to disposal or reuse.

Email Encryption Policy

This policy dictates the use of encryption when transmitting sensitive data via email.

If a policy you require is not listed above, please contact us directly and we will create it for you.