Human Link
Published in

Human Link

Write a Security Policy in 4 steps

Technology helps us solve problems, but they are vulnerable to several types of threats.

For example, any loss or unavailability could be too dangerous for small and big companies. So, information security is a fundamental investment.
But, how do you decide what kind of investments are necessary?
First of all, you must know the cost of your business’ downtime to protect it against failures.

Photo by Jess Bailey on Unsplash

1- Planning

A deep investigation of users’ access to the internet, together with your data security needs, will help you to begin your security policy.

What do you want to protect?

What are the risks?

What parts of your business are relevant?

What do your users expect from their computers? What do they need for their jobs?

Photo by Edho Pratama on Unsplash

2 - Defining

Now, you can start writing your security policy. The best way to develop a policy is to work from an example policy. You can find several templates of security policies on the internet. But, first, you must define your company’s mission of information security: scope, responsibilities, enforcements, and revision.

It would help if you had a Continuity Plan, which will involve a lot of areas in your company, such as technology, electric power, engineering, staff planning, communication, etc. Your users must know the Security Policy, and they need to be trained constantly.

Processes must be reviewed constantly to ensure that you have the latest and most up-to-date solution version.

Remember that threats and vulnerabilities are constantly evolving.

Photo by Brett Jordan on Unsplash

3 - Implementing

So, you make business decisions, and you know how important it is to protect your computer data. Security systems are the implementation of those decisions. Sound security system starts with careful planning and understanding of company business, not robust hardware and software.

Security policies are strategic documents that guide you for security. If you don’t understand your business needs, implementing and configuring those security systems will be challenging.

Remember that a security policy cannot exist alone. Your company board support must accompany it, a policy establishing how to maintain physical security, staff training and awareness, and other specific security controls.

Photo by Markus Spiske on Unsplash

4 - Using

A border device stands between your protected network and the public internet. Its primary function is to examine traffic coming from the public side to the private; to make sure it reflects your security policies before permitting that traffic to pass through your private network.

Two things you must think about implementing those devices:

1. Acquire the right one for your company

2. Configure your devices to meet your security policies

You could create rules that allow your users to access local web servers, preventing employees from accessing local systems such as financial, development, and human resources.

When you define a firm security policy that balances your users’ needs with your business needs, you will find the right combination of IT resources to implement it. Keep in mind that technical policies come from your business needs and not the other way around.




Games, Tech, Thoughts, Art. Exploring the human experience.

Recommended from Medium

An Introduction To The Current Threat Landscape

Time To Market or Time For Better Security? Which Side Will Win?

{UPDATE} My Memory Matches Hack Free Resources Generator

2Choices:Play to DAO

Tips on BTC privacy, p.2

{UPDATE} Sheet Music Treble Hack Free Resources Generator

The Power of Mobile Phones and SIM Registrations for KYC Compliance

{UPDATE} Linda niña dulce caramelo Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Hyperactive Security

Hyperactive Security

Cyber, Hyper, Mother

More from Medium

Security Awareness Training

Security Marketing and Sales 3: Baggage

HTB —FriendZone Write up