{"id":112,"date":"2005-10-10T00:00:00","date_gmt":"2005-10-10T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/10\/10\/how-good-is-your-security-policy\/"},"modified":"2021-12-30T11:36:32","modified_gmt":"2021-12-30T11:36:32","slug":"how-good-is-your-security-policy","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/10\/10\/how-good-is-your-security-policy\/","title":{"rendered":"How \u2018Good\u2019 is Your Security Policy?"},"content":{"rendered":"<p>Does &#8216;good&#8217; mean it&#8217;s clearly written and easy to understand by all your staff, or does it simply mean that it now includes a section dealing with mobile devices such as PDAs and USB sticks?  The primary aim of your information security policy must be to enable your organisation and all of your employees to operate in a safe and secure manner.  An appropriate policy, effectively applied, should minimise the potential for security breaches, adhere to the latest standards and ensure your organisation remains legally compliant.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is not unusual for organisations to have a number of disparate documents distributed throughout the business, each addressing various issues such as acceptable use of company e-mail and the Internet, physical security of company assets, and so on.<\/p>\n<p>Security policies have a number of human, financial and legal consequences. Because of this, great care needs to be taken to ensure that such policies accurately reflect the current situation. <\/p>\n<p>Certainly, the legal requirements for the protection of personally sensitive data have changed dramatically of late and it is common to discover that individual organisations&#8217; security policies have not kept pace.  
Additional legislation dealing with the protection of data and monitoring in the workplace has recently been introduced and may have a significant impact on both public and private sector organisations.  Many organisations are required to demonstrate to external and internal auditors that they meet prescribed standards in the way in which they secure and operate their businesses.  Correctly interpreting how the various pieces of legislation and corporate governance guidelines apply to your organisation is a serious challenge and one where mistakes can potentially prove very costly.<\/p>\n<p>Best practice (BS-7799\/ISO-17799) recommends that security policies are updated regularly so as to ensure organisations continue to protect themselves from the risk of security breaches whilst remaining legally compliant.<br \/>\n\u00b7 Does your current policy incorporate sufficient procedures to cover the use of Personal Digital Assistants (PDAs) and similar mobile devices?<br \/>\n\u00b7 Do any of your personnel work remotely or on the move and, if so, are they connecting securely?<br \/>\n\u00b7 Are you aware of the main areas contained within &#8216;The Telecommunications Lawful Business Practice Regulations&#8217; and &#8216;The Employment Practices Data Protection Code&#8217; in respect of the monitoring of communications?<br \/>\n\u00b7 Does the Civil Contingencies Bill (which came into force last year) apply to your organisation?<\/p>\n<p>If you are unsure about any of these issues \u2013 and this is by no means an exhaustive list \u2013 it is highly likely that your security policy needs reviewing and updating.
<\/p>\n<p>http:\/\/www.ebcvg.com\/articles.php?id=935<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-112","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=112"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/112\/revisions"}],"predecessor-version":[{"id":2599,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/112\/revisions\/2599"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}