Did you know?
Information security policies and procedures are the backbone of an organization and the foundation of a good security program. If your information security policies haven’t been updated in years, you are potentially opening the door to outside threat actors, and to insider threats from employees acting on outdated or incorrect guidance.
This is just an example of increasing regulatory oversight of cybersecurity, and even if your organization doesn’t have clients in the EU, it is a good idea to have policies and procedures in place to protect data. Breaches are becoming more commonplace, and consumers are demanding more protection of their data.
How often should I review and update my policies?
At a minimum, TechGuard Security recommends an annual review of information security policies. But there are several reasons why information security policies should be updated more often. Most importantly, the threat landscape is evolving, and policies require updates to address new threat vectors. Implementation of new technologies or systems, organizational structure changes or growth (mergers and acquisitions), and changes to laws and regulations are among the top reasons to review and update information security policies and procedures.
The TechGuard Solution
At TechGuard Security, our cybersecurity consultants have adopted the Center for Internet Security (CIS) Top 20 Critical Security Controls (CSC) as the baseline for our IT Security Controls Audits, and we use it as our standard when an organization does not have a regulatory requirement to adhere to a specific framework. Many common frameworks can be cross-mapped to the CIS Top 20 Critical Security Controls. TechGuard can also assess against these frameworks:
- PCI DSS
Written by Kerri Setzer
Kerri Setzer is a Cybersecurity Consultant at TechGuard Security, where she conducts penetration tests, vulnerability assessments, social engineering exercises and IT Controls Audits. Previously, Kerri spent five years in a Fortune 500 healthcare organization in an operational capacity, developing and maintaining advanced information technology solutions while ensuring that IT solutions implemented within the organization met HIPAA compliance requirements. She has participated in countless audits to validate various controls under SOX, HIPAA, PCI DSS and NIST 800-53. In her spare time Kerri enjoys running, fishing and playing outdoor sports with her husband and four daughters.