Have You Defined Standards for Each System?

Unlike policies and procedures, which are mandatory in nature and apply to all members of the organization, a standards document is specific to the information system that it belongs, and sets forth goals for implementation of that system.

As we all know, there’s more than one way to implement a system, and keeping track of how your organization has chosen to set up controls in each application is a great idea. Still, core concepts of security implementation at your organization can be identified and codified for each system, regardless of the endless variety.

These standards documents can be as detailed or as high-level as you wish, but they will always be specific to the system and will be advisory in nature. Make sure that your security teams can demonstrate how day-to-day activities relate to the code of behavior in each standard.

This entry was posted on Monday, June 16, 2014. You can follow any responses to this entry through the RSS 2.0. You can leave a response.

About

William D. Clark is a Practice Director for the Cybersecurity Consulting Group in North America at DXC Inc., and oversees multiple security consulting teams responsible for defining cybersecurity strategic assessments and implementation, Forensics and Incident Response, and Penetration and Technical Services, as well as coordinating those services across a broad array of clients and markets. He is a Certified Information Systems Security Professional (CISSP), supporting both policy development and awareness programs. Additionally, Mr. Clark holds certification in Epic Security Coordination and Cadence, and has participated in multiple access and revenue-cycle installations for both inpatient and outpatient hospital environments.

Secure Insight

Rainbow_Bridge_Niagara_Falls

Have You Defined Standards for Each System?

Leave a Reply

About Me

About

Archives

Contact Form