The foundation for data security management is the organization’s data security policy. It is the prime directive which defines the framework by which processes and procedures are set and implemented.

 

 

IPV Security helps customers draft and implement security policy covering major areas such as:

1. Acceptable Usage Policy (AUP) of equipment and computing services, and the appropriate employee security measures to protect the organization’s corporate resources and proprietary information
2. Software Assets Management Policy which defines set of approved applications to be used on the company’s computing assets. It will also provide reference to a relevant procedure dealing with authorized software acquisition and exceptions
3. IT Risk Assessment Policy – Defines the control measures and frequency that the corporate will adopt in order to maintain acceptable information security level
4. Acquisition Security Assessment Policy - Defines responsibilities regarding corporate IT acquisitions, and defines the minimum requirements of an acquisition assessment to be completed by the information security group
5. And more…

In case such a security policy already exists, IPV security team review the efficiency and compliance of the company's security policy relative to current risk analysis (threats to critical business assets) in terms of Confidentiality, Integrity and Availability (C, I, A). The review also includes a comparison of the organizational policy to incompliancy events that occurred during a recent defined period.