| |
An organization’s security posture is only as good as its internal security policies and procedures. An enterprise may have the best tools and knowledgeable staff, but if it does not have well thought out security policies and procedures that are easily understandable and actionable, and a process to ensure that all relevant staff are aware and trained in it; it is susceptible to be compromised. The policy and procedure assessment involves a comprehensive review of an organization’s internal, external and partner facing security policies and procedures.
| M3 Security policy assessments include: |
Identifying gaps in security posture |
| Evaluating clarity of policies and procedures to ensure they are not open to different interpretations |
| Identifying mutually exclusive procedures |
| Determining if responsible party for implementation is clearly identified |
| Evaluating the network monitoring and intrusion detection plan |
| Evaluating recovery and backup plans |
|
|
