Policy Development

The foundation of your technology infrastructure

Proper policy development and implementation provide employees with the knowledge they need to protect your organization against cyber-attacks. Policies must be designed to support risk management goals while maintaining business operations. Cyber Knight’s risk assessment process involves one-on-one interaction with business leaders, allowing our consultants to fully understand your needs and draft your policies in a manner that will support your objectives.

Basic education and guidance go a long way. Understanding the difference between policies, standards, baselines, and other documentation is important as well. Our consultants understand the relationship between each documentation type and can help draft the policies and procedures that best fit your organization.

UNIQUE POLICY NEEDS

Your organization is unique and we believe its policies should be developed to fit those specific needs. Our consultants meet with you to gain a full understanding of your organization’s culture and business objectives. We work with you to build a robust documentation portfolio that supports your tolerance for risk and meets any regulatory or audit requirement.

DOCUMENT TYPES

Policies & procedures

  • Information security policy
  • Physical security policy
  • Access control policy
  • User authentication & password policy

  • Anti-virus policy
  • Patch management policy
  • Vulnerability management policy
  • Key management policy
  • Software development lifecycle policy
  • Log creation & retention policy
  • Data retention and disposal policy
  • Sensitive information policy
  • Human resources policy
  • Security awareness & training policy
  • Acceptable use policy
  • 3rd party relations policy
  • Incident management policy

Technical Baselines

  • VPN / Multi-factor authentication
  • IDS / IPS configuration
  • Access control system configuration (physical & logical) & logging

  • Video surveillance & logging
  • System logging configuration
  • File integrity monitoring configuration

Guidelines

  • IT Acceptable Guidelines
  • Do’s and Don’ts related to different practices

Standards

  • Firewall & router configuration & standard
  • Wireless configuration & standard
  • Systems configuration & standard (including anti-virus, patching and NTP)
  • Access control standards
  • Password standards

  • Access control principles
  • User registration standards
  • Privilege management standards
  • User ID management standards
  • Email security standards
  • Laptop and desktop standards
  • Clear desk and clear screen standards
  • VoIP security standards
  • VPN security standards
  • Network security standards
  • Server security standards
  • DR site standards
  • Log standards
  • Application security standards
  • Physical and environmental security standards
  • Security incident management standards
  • Virus prevention standards

Procedures

  • Access control (physical & logical) procedure
  • User authentication & password procedure
  • Change management process
  • Software development lifecycle process
  • Vulnerability management process

  • Log creation & retention procedures
  • Data retention and disposal procedure
  • Information media procedure
  • Incident management procedure