White logo ISGWhite logo ISGWhite logo ISG mobileWhite logo ISG mobile
  • Company
    • About
    • Culture
    • Careers
  • Services
    • Security Services
    • Design
    • Serverless
      • AWS Serverless Workshop
    • Cloud
    • Mobile
    • Big Data & Analytics
    • Operations
  • Clients
  • Insights
  • Get In Touch
  • Company
    • About
    • Culture
    • Careers
  • Services
    • Security Services
    • Design
    • Serverless
      • AWS Serverless Workshop
    • Cloud
    • Mobile
    • Big Data & Analytics
    • Operations
  • Clients
  • Insights
  • Get In Touch

Why You Cannot Wait on Finishing your Information Security Policies

May 6, 2020
Categories
  • AWS Security
  • Grizzly Shield
  • Security
Tags
 

Let’s get real for a moment.

This saying exists for a reason “...it’s not IF but WHEN you will have a security incident

 
 

A few real-world experiences that will happen:

  • Finance falls for a phishing scam and sends funds to a false account/person
  • A customer reports that they have found their personal information on a common search engine
  • FBI investigators reaching out relating that a bank is stating Credit Card (CC) number skimming has been traced back to your organization
  • A staff member gets their PC encrypted from a ransomware email or worse the ransomware has impacted your server farm
 
 

The first item that will be requested by both legal counsel and an Incident Response (IR) Investigator are your policies. Information security policies are to describe how the organization wants to protect its information assets. After policies are outlined, standards are defined to set the mandatory rules that will be used to implement the policies. Some policies can have multiple guidelines, which are recommendations as to how the policies can be implemented.

 
 

A mature security program requires the following policies and procedures:

  • Information Security Policy
  • Access Control Policy (ACP)
  • Acceptable Use Policy (AUP)
  • Remote Access Policy
  • Incident Response (IR) Policy
  • WiFi Policy
  • Social Media Policy
  • Email/Communication Policy
  • Mobile Computing Policy
  • BYOD Policy
  • Disaster Recovery Policy/Business Continuity Plan (BCP)
 
 

Building and managing a security program is an effort that most organizations grow into overtime.

 
 

ISG Grizzly Shield Security Services

We take an easy three step approach to helping organizations Secure their AWS environment:

 
 

Pinpoint – Understand the level of maturity your security program has achieved and the possible gaps that may be present.

Jump Start – Develop Project plan/Roadmap for initiatives required to bring your Organization to the point where 24 X 7 monitoring can be leveraged, and data consumed by an MSP or internal staff or a combination of the two.

Monitoring, Training, and Ongoing Management – 24 X 7 monitoring and alerting based on defined SLAs.

 
Share

Related posts

May 26, 2020

Defense In Depth

Read more
May 22, 2020

Why in 2020 Does Our Work Force Still Fall Victim to Phishing Emails?!!

Read more
May 20, 2020

Ransomware

Read more
Get In Touch

Privacy policy

© 2020 Intent Solution Group. All Rights Reserved.

Get Started with Grizzly Shield Security Services