Home | Services | Clients | Contact Us | Downloads
 

Development of Information Systems Security Policies

Overview
In today’s internet dominated world, each organization needs to share its data and other forms of electronic information with its employees, suppliers, customers, directors and others. This internal and external use of information puts an organization’s IT resources at risk from internal and external potential threats such as human errors, accidents and criminal or malicious action. This kind of exposure requires an effective Information Security Policy to be documented and implemented to protect organization’s sensitive data.
What’s at Stake

In absence of a formal IS Security policy the management has no benchmark against which to check whether its data and IT infrastructure are protected against unauthorized access. Employees or competitors might get access to sensitive financial or planning data, internet may be misused or backup media may be stolen or physically damaged.

How Does EDS Help
EDS provides its services in documenting the policies and procedures to access various components of the organizationís IT infrastructure by its own employees as well as by external users like customers, suppliers etc. covering the following areas:

  • Network access policy and procedures.
  • Email and internet access policy.
  • Physical access controls.
  • Policy and procedures to assign access levels to various user groups for different options of software applications.
  • Procedures to respond to security breaches.
Once a policy for user access has been documented, the management can randomly check the actual security settings against the policy document to ensure its IT assets are well protected against unauthorized access.