System architecture and controls policy
- Management will identify and review network infrastructure access points and associated risks and vulnerabilities.
- The network topology will be maintained and will describe, at a minimum, the connection points, services, and hardware components to include connections (Internet, Intranet, Extranet, and Remote Dial-up), operating systems etc.
- Add additional statements that pertain to your organization
In the next blog we will review the remaining five policies every organization should have in place. Most companies that don't have a full time security and compliance role. Good policies take a lot of time and experience to develop, know when to call a consultant or someone with the right expertise for help. Policies are the foundation for your security and compliance program so make sure they are done right the first time, you may not get a second chance.
Sign up for Computerworld eNewsletters.