Security policy is the foundation of information security in any organization. Organizations face ever-increasing security threats from a wide range of sources, which leave them vulnerable to attacks such as computer viruses, hacking and denial-of-service attacks.
A well-implemented security policy provides direction on the strategies and the specific set of measures necessary to protect information and people in the organization. It also establishes guidelines for staff on the use of information processing devices (computer, mobile) while carrying out their job duties.
Varzia bases its approach to developing information security policy on the widely recognized ISO 27000 family of standards, with the following key steps:
Identification of information assets for protection.
Identification of all the vulnerabilities and threats and the risks associated with them.
Decision on cost-effective measures to protect the assets.
Communication of findings and results to the appropriate parties.
Development of policies, standards, guidelines and procedures practically implement
Continuous monitoring and review of the process for improvement.