Information/Cyber Security Policy

Information/Cyber Security Policy Development

Image

New Regulations now require every business organization to have an Information Security/Cyber Security Policy in place.

RSC will custom design a Security Policy that is both comprehensive yet relatable, and one that can be easily implemented and updated as Regulatory requirements evolve.

With the advent of new Legislation and Regulations, an Organization cannot conduct buinses without one.

RSC Cyber Security Engineers comply with and refer to all of the following regulatory organizations:

NIST, FFIEC, ISO 27000 Series, SSAE16 (formely known as SAS70 Types 1 & 2)

Center for Internet Security, SANS Institute, Carnegie Mellon University's Computer Emergency Response Team , along with multiple recognized Information Security Forums and other known Information/Cyber Security Leaders.

Cyber Security Policy Review

RSC Cyber Security Engineers will review and analyze the existing (Cyber) Information Security Policy for Compliance.

Cyber Security Policy Review Specifications

  1. Identify the Compliance Authority that needs to be applied to the existing Cyber Security Policy. Given that a Customer may have many different Vendors/Customers that they Use/Service, there may be more than one Compliance Authority or Regulation that applies.
  2. RSC Cyber Security Analysts will create a detailed "Gap Analysis" of your existing (Cyber) Information Security Policy to current Compliance Guidelines.
  3. After the GAP Analysis is complete, RSC Cyber Security Engineers will review and validate that all controls and procedures specified within the Cyber Security Policy are in place and operational.
  4. All deficiencies will be presented to the Customer in a formal review meeting. Each deficiency will be recorded in the RSC Waiver system for tracking and accountability.
  5. All Waivers will be reviewed as they are resolved by the Customer and RSC Cyber Security Engineers.
A Cyber Security Policy is a "Living Document" and needs to be updated as Cyber Security Guidance and Regulations change. As these changes are encountered, RSC Cyber Security Analysts will inform the Customer of changes and impacts to their implemented policy.

Cyber Security Policy Development

RSC Engineers are experienced with the implementation of Identity Management, including for Secure Single Sign-On Solutions. Our team will custom design a Cyber Security/ Information Security Policy to successfully navigate through even the most challenging environments of your specific corporate requirements.

Cyber Security Policy Development Specifications

  1. Identify the Compliance Authority that needs to be followed for creating the Cyber Security Policy. Given that a Customer may have many different Vendors/Customers that they Use/Service, there may be more than one Compliance Authority or Regulation that applies.
  2. RSC Cyber Security Engineers will conduct an Internal Security assessment (ISA) of the Customer's Information Technology Infrastructure. This is a key component to determine how Cyber Security controls are to be applied.
  3. Upon completion of the ISA, RSC Cyber Security Engineers will develop the Cyber Security Policy. During this development phase, each area that requires enhancement to the Information Technology Infrastructure will be noted and entered into the RSC Waiver system.
  4. A formal review of the Cyber Security Policy will be accomplished with the Customer. A detailed summary of Information Technology actions will be presented during this meeting.
  5. All Waivers will be reviewed as they are resolved by the Customer and RSC Cyber Security Engineers.

Your corporation needs a detailed yet flexible Cyber Security Policy to remain competitive in the current marketplace while staying ahead of Regulatory Compliance in the face of escalating cyber-criminal activity. Engage RSC to create the best policy available.

Navigation

Social Media