IT Security Policy And Procedure Development

Consultiviti can develop the organisation’s policies according to the NIST/ISO standard, and categorises IT Security Policy into three basic types:

Program Policy

High-level policy used to create an organisation’s IT security programme, define its scope within the organisation, assign implementation responsibilities, establish strategic direction, and assign resources for implementation.

Issue Specific Policies

Address specific issues of concern to the organisation, such as contingency planning, the use of a particular methodology for systems risk management, and implementation of new regulations or law. These policies are likely to require more frequent revision as changes in technology and related factors take place.

System Specific Policies

Address individual systems, such as establishing an access control list or training users on which system actions are permitted. These policies may vary from system to system within the same organisation. In addition, policy may refer to entirely different matters, such as the specific managerial decisions setting an organisation’s electronic mail (e-mail) policy or fax security policy.

IT Security Policy Services

Consultiviti can assist the organisation in analysing existing and developing new cyber security policies, standards, guidelines, and procedures. The authority for approving policy is inherently a core function of an organisation and therefore final approval of policies should be performed by the organisation.

Elements may include the following:

  • High-level analysis of an organisation’s operational environment
  • Emerging Technologies
  • Governance Processes
  • IT Security Procedures
  • Determination of compliance with applicable guidance and regulations
  • Gap analysis for the organisation or program that assesses the differences between the current policy and the desired future policy
  • Development of a unified set of security program policies and detailed issue- and system-specific policies
  • Development of short-, medium-, and long-term implementation plans identifying tasks, resources, priority, and ownership
  • Development of cyber security metrics

Risk Management

Consultiviti offers various combinations of service packages for supporting risk management activities. Primarily we perform risk assessments according to international best practice and/or develop a risk mitigation plan. If your organisation already has a mature and operational risk management programme, then Consultiviti is certified to audit the programme for effectiveness.

Information Technology Auditing

Consultiviti’s team of IT auditing and security specialists will help you navigate a sea of ever-changing business risks. By using customized tools, expert resources, and proven methodologies, we tailor our IT audit services to your specific needs. Our experienced professionals bring a deep understanding of Internal Information System Audits, Application Control, and Security Services, as well as Pre- and Post-Implementation Reviews.