The policies you use to protect your information assets depend on
your security goals, which must be up to date, meet all standards
for your industry and commerce, and be concisely transmitted to
every manager, all end users, and the entire operations staff. A
security policy must be carefully created. It is a documented and
formal statement of the rules that regulate how your particular
organization manages, protects, and uses information and information
assets. The security policy will therefore be tailored to your business,
its goals, setup, and controls, and the systems' distribution of
user responsibilities.
Sample Case
Customer: Major American Power Generation Company
Services: Security Policy Review
Problem: Policies had been developed in the late '60s for securing
information assets that existed within the mainframe computer environment.
The current environment, however, had evolved into a modern distributed
network environment, making the old policy difficult to apply and
sometimes impossible to administer. The policy had become irrelevant
and was generally ignored.
Solution: ESTec consultants worked with the client to develop principles-based
policies that fit current systems and would be the basis for all
computer evolutions within the foreseeable future. Management adopted
the new policies. They implemented the security awareness training
that ESTec recommended and changed at once to the new
set of security management functions required by the new information
security policies.
Results: With security policies that actually worked in the modern
computing environment, it was once again possible to apply the policy.
Security management became easier and the number of security breaches
was greatly reduced.