Policies and Process Development
Many companies have formulated network security policies that cover all the bases and have acquired the latest security products that give them comprehensive protection, but they lack the processes to support these resources. Foundstone® network security consultants build processes to bridge the gap between security policies and security technologies at your organization.
Foundstone Professional Services Process Development will help you develop effective network security processes, so that your company can maintain a solid security posture over time.
- We ensure smooth transitions during staff turnover and decrease the risk of disrupting established security processes.
- We help you maintain appropriate security levels during network redesigns.
Foundstone has spent years assessing and testing networks and recognizes the need for building processes to effectively minimize your vulnerabilities.
Foundstone performs a process analysis to review your current processes and identify gaps. This is how Foundstone approaches process creation:
- We create the customized processes that you specify.
- We create the following processes that we have defined as critical processes for all security programs:
- Change management
- Patch management
- Security monitoring
- Sever hardening
- Desktop and laptop hardening
- Compliance and enforcement (if applicable)
- Data classification
- Remote access
- Risk analysis and assessment
- Backup and restore
- Personnel security
- Data handling, marking, and retention
- Policy, standards, process creation, approval, and maintenance
Vulnerability management and incident response are handled by separate service lines but may be added to this scope if desired.
Policies Development
Creating security policies is the first step in building a strategic security program.
A key component of making your security strategy work is defining enterprise-wide security policies. Security policies dictate how you design and develop the operational and technical controls in your organization.
Foundstone Security Policy Development service helps organizations develop and implement strategic security programs. We customize policies to meet your security objectives and regulatory requirements, and we establish appropriate risk management practices to deliver a favorable return on investment.
Policy development benefits include:
- We provide you with a gap analysis of your existing security policies.
- We make sure that you comply with regulatory requirements (if applicable).
- We help you implement the best practices based upon industry standards like ISO17799.
Foundstone consultants will help you create enterprise-wide security policies using our security project engagement methodology.
- We review your organization’s business, information technology, and security strategy and match those up with your security policy requirements.
- We evaluate existing policies against current best practices.
- We review and identify roles and responsibilities for staff members involved. with policy definition and enforcement.
- We interview key personnel within your organization.
- We document and review policies with you.
Process Development
Many companies have formulated security policies that cover all the bases and have acquired the latest security products that give them comprehensive protection, but they lack the processes to support these resources. Foundstone security consultants build processes to bridge the gap between security policies and security technologies at your organization.
Foundstone Professional Services Process Development will help you develop effective security processes, so that your company can maintain a solid security posture over time.
- We ensure smooth transitions during staff turnover and decrease the risk of disrupting established security processes.
- We help you maintain appropriate security levels during network redesigns.
Foundstone has spent years assessing and testing networks and recognizes the need for building processes to effectively minimize your vulnerabilities.
Click here to view a full data sheet about this service. To learn more about Foundstone Information Security Programs, email consulting@foundstone.com.
