| |
M3 Security believes good policy development should be built around the following guiding principles:
- Ensure clarity, conciseness, implementability and enforceability |
| - Built on a trust model that balances security with productivity |
| - Defined area of responsibility for users, administrators & managers |
Our policy development process includes close interaction with a client’s policy development team to understand policy scope and goals prior to start of the policy development phase, followed by a review session with subset of affected staff – users/admins/mgrs for feedback and comments during the review phase and assistance during policy rollout phase.
| M3 Security policy development spans some of the following areas: |
Access Policies
| Remote Access (VPN, Dial-In) |
| Wireless |
| Extranet |
| Administrative |
|
Information & Asset Protection Policies
| Password Policy |
| Information Classification Policy |
| Infrastructure Security |
| Incident Response |
| Acceptable Use |
|
Tools & Application Policies
| Encryption |
| Anti-Virus |
| Email/Email Retention |
|
3rd Party Policies
| Risk Assessment |
| Ethics |
| Audi |
| Asset Acquisition |
| Managed Service Provider |
|
|
|
