Security should always be a top priority, but it’s easy to let security reviews and user training fall low on the to-do list. No one wants a reminder about how important these tasks are in the form of an expensive security breach.

Security companies covering everything from data to infrastructure to mobile devices report on a regular basis that companies often don’t know the state of their own security. Sometimes the fixes are straightforward, such as the lack of a robust patching routine. In other instances, the problem is not understanding where the greatest risk is or where to start improvements. Whether the issue is how to respond to an attack or how to explain the risk to users, this collection of policies can help make corporate defenses stronger. 

Security response policy

This policy outlines the steps to take when a security breach happens. The document defines priority 1, priority 2, and priority 3 incidents to help categorize the severity of an incident. The policy also describes which departments should be represented on the response team. Companies can use the policy to guide the initial response to stop or contain the breach as well as what to do afterward to understand the attack and prevent another one. 

Security risk assessment checklist

Every business, educational facility, government agency, and nonprofit organization must prepare and maintain security reviews. A security risk assessment should be performed quarterly. This checklist can coordinate security risk assessments and document these reviews as they are completed. This comprehensive checklist covers everything that could pose a security risk to an organization, from the physical office, devices, servers, telecom, applications, regulated data, and user behaviors. The spreadsheet lists elements that should be addressed in each category and creates a ranking system to quantify the level of risk. Each element is ranked from one to 10 in importance, risk, and severity. The file also includes an “Owner” listing for each item.

Information security policy

Protecting company data is as important to success as bringing in revenue. This policy sets out responsibilities for all roles at an organization so that every employee understands how to contribute to this effort. It defines employee responsibilities for securing corporate information and lists unacceptable uses of company systems. There are 20 to-dos for IT staff and advice for managers and the HR team as well. Finally, the policy sets out civil and penalties that should be put in place to illustrate the consequences of breaking these rules.

Perimeter security policy

While security principles should apply throughout an organization, locking down the perimeter is especially critical. This policy starts with the basics, and then explains how to lay out networks and configure firewalls to increase security. There is also advice on how to manage firewall changes, when to make these changes, and how to set a rollback plan. These best practices offer a quick checkup on current security conditions as well as recommendations about how to strengthen defenses.