• "Our employees routinely share passwords among themselves."
• "Network devices are configured differently in each of our operating locations."
• "Email viruses continue to cause expensive damage and downtime."
• "Network technicians routinely open services on our firewall to operate from home."

A well-developed policy is critical when establishing the proper “culture” of awareness. LarsonAllen's information security services group can help you assess your current policy, design appropriate new policies, and train your user community. Our professionals have the business expertise to develop policies that make a difference!

LarsonAllen's response
It is often said that the weakest link in any information security strategy is the end user. Analysis of costly security incidents often supports this assertion. Solid information security policy is critical to the success of any security strategy. A sound policy sets the tone for the organization and begins the process of developing he proper “culture.” A proper information security policy should:

• Demonstrate management’s commitment to information security
• Provide guidelines for safe computing practices for end users
• Provide guidelines for network administrators
• Set standards for device configuration and administration
• Provide accountability for policy breaches
• Provide guidelines for compliance with applicable laws and regulations