The policies you use to protect your information assets depend on
your security goals that must be up-to-date, meet all standards
for your industry and commerce, and be concisely- transmitted to
every manager, all end users, and the entire operations staff. A
security policy must be carefully created. It is a documented and
formal statement of the rules that regulate how your particular
organization manages, protects, and uses information and information
assets. The security policy will therefore be tailored to your business,
its goals, setup, and controls, and the systems' distribution of
Customer: Major American Power Generation Company
Services: Security Policy Review
Problem: Policies had been developed in the late 60's for securing
information assets that existed within the mainframe computer environment.
The current environment, however, had evolved into a modern distributed
network environment, making the old policy difficulty to apply and
sometimes impossible to administer. The policy had become irrelevant
and was generally ignored.
Solution: ESTec consultants worked with the client to develop principles-based
policies that met current systems and would be the basis for all
computer evolutions within the foreseeable future. Management adopted
the new policies. They implemented the security awareness training,
which ESTec recommended to them, and changed at once to the new
set of security management functions required by the new information
Results: With security policies that actually worked in the modern
computing environment, it was once again possible to apply the policy.
Security management became easier and the number of security breaches
was greatly reduced.