Security policies and baseline security standards underpin the security of your information and your organization. However, having a security policy document in itself is not enough.... the contents MUST be deployed AND implemented to be effective. This is often easier said than done!
Your security policies should be comprehensive in their coverage of security issues. They will contain a substantial number of control requirements, some of which could well be complex. They will also directly reflect the needs of your organization.
Achieving compliance with these policies is a far from trivial task, even for the most security conscious of organizations. The best starting point in the compliance process is often an assessment of the current position, followed by identification of what changes are needed for compliance. From here, planning and implementing must be undertaken.
This web site is intended to assist in this whole process.... starting with creation/procurement of the policies themselves, then considering deployment and implementation, and then finally compliance management.
Also read about the acclaimed SOS Information Security Policies
Hopefully, the above pages will prove to be an invaluable source of information. If, however, you need any further assistance or advice, please do not hesitate to contact us.
Links to security policy related information on the Web.