Written by: Griffiths & Armour on: 12 Sep 2022
Does your IT Security Policy cover all these areas?
Cyber risk is now commonly in the top three risks for all organisations. As such, it is essential to have a formal risk management approach to ensure that these risks are adequately assessed, reduced, controlled and monitored. Usually this takes the form of an IT Security Policy that is endorsed at the highest level. The following structure is suggested for such a policy:
It is recommended that these formal arrangements include coverage of the following (as considered relevant):
- Acceptable Use
- Access Rights and Control
- Anti-Malware
- Asset Management
- Bring Your Own Device
- Change Management
- Data Backup
- Email Security
- Encryption and Key Management
- Firewalls and Routers
- Home and Mobile Working
- Incident Management and Recovery
- Information Security
- Internet Usage
- Maintenance and Support
- Mobile Device Management
- Network Security (Including Wi-Fi)
- Outsourcing and Vetting Third Parties
- Patch Management
- Payment Cards
- Penetration Testing
- Portable Devices
- Removable Media
- Secure Areas
- Secure Configuration Baseline
- Secure Storage and Disposal
- Social Media
- Software Installation
- Starters, Movers and Leavers
- Testing Resilience
- Training
- Vulnerability Scanning
- Website Security
Griffiths & Armour strongly recommend that organisations review their IT Security Policies to ensure that they address all these key areas.
The above guidance represents an extract from the comprehensive 2022 Griffiths & Armour cyber risks publication, which is now supplemented by a new example template IT Security Policy. Both documents are available via RMworks Risk Directory, which is available to all Griffiths & Armour clients.
RMworks is our Risk Management platform, an industry-leading online platform that supports the introduction and maintenance of high quality, efficient and effective risk management practices in your organisation. RMworks is an integral part of our ongoing commitment to support you with proactive and tailored risk management solutions.
