Policy & Procedures Assessment & Development


Why Policies & Procedures Play Such a Big Part of Cybersecurity

Cyber-attackers rely on employees not knowing the guidelines of their organization's business practices or not following established policies and procedures.

More often than not, organizations have established business processes and procedures that are outdated or have not been reviewed on an annual basis.

The importance of policies and procedures for cybersecurity cannot be overstated. Imagine if your organization gets breached and doesn't have an Incident Response Policy, your business will lose valuable time in remediating the threat because employees won't know who to call or what to say to your clients.

Policies Every Organization Should Have

  • Acceptable Use Policy
  • Access Control Policy
  • Bring-Your-Own-Device (BYOD) Policy
  • Business Impact Analysis (BIA) Policy
  • Business Impact Analysis (BIA) Template
  • Business Continuity Management Policy
  • Change Management Policy
  • Communication & Operation Management Policy
  • Data Classification & Handling Policy
  • Data Retention Policy
  • Disaster Recovery Policy
  • Encryption Policy
  • HR & Personnel Screening Policy
  • Incident Response Policy

  • Incident Response Process & Procedures
  • Information Security Policy
  • Logging & Monitoring Policy
  • Mobile Device Policy
  • Patch Management Policy
  • Physical Security & Environmental Protection Policy
  • Remote Access - Teleworking Policy
  • Risk Management Policy
  • Security Awareness & Training Policy
  • Supplier Relationship Policy
  • System Acquisition & Development & Management Policy
  • Technical Vulnerability & Mitigation Policy
  • Virus & Malware Protection Policy