'Development of enterprise level Information Security Policies, Procedures and Standards' was an initiative to ensure we have enterprise-wide policies, procedures and standards that support smooth governance and compliance of information security practices. Standards based on industry benchmarks such as CIS, NSA and NIST help an enterprise configure, implement, manage and monitor a robust infrastructure and follow security best practices through business-approved policies and procedures. Through this project, we are producing policies, procedures and technical control standards that streamline and strengthen the implementation of operating systems, databases, MS Office / Exchange environments, server infrastructure, network/firewall infrastructure, virtual machines, remote access, mobile technologies, secure file/data transfers, encryption, access management, incident management, business continuity management, etc.
Checklist for Technology/Vendor/Solution Evaluation:
• Ensure the company is registered with or subscribing to one or more industry standards/benchmarks, e.g. Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), National Security Agency (NSA), etc.
• Ensure an Information Security Policy Framework is in place that describes the company strategy to have
• Understand the current enterprise implementations, documentation, policies, procedures and other artifacts in place
The infrastructure –
• Define the team structure involved in policy development, review, testing, approvals, etc. E.g.
Key Learning: Do's and Don'ts
- With Mahesh Sonavane, SunGard Global Technology, on How To Evaluate Compliance Solutions