3 Reasons a Security Policy Improves Information Security

By Eric Noonan • March 2, 2016

Product vendors’ marketing focuses on advanced persistent threats – Stuxnet, China and all of the other fear, uncertainty, and doubt (FUD) – that are almost completely out of your control. So take a step back from the overwhelming advertisements that leave you feeling insecure and spend some time on something that you can actually control: your organization’s information security policy. Exciting, right? Maybe not, but a policy represents the foundation upon which your security program can and should be built. Here are 3 reasons why a documented security policy endorsed by corporate executives materially improves security.

3 Reasons Why a Documented Security Policy Endorsed by Corporate Executives Materially Improves Security

1: Corporations Take a Policy Seriously

Corporations tend to take policy seriously, especially larger companies where policies get reviewed by all functional leaders for input, then the final version goes to the CEO for signature and publication. This executive endorsement gives security practitioners the leverage they need when enforcing a policy, requesting resources and generally executing the mission of delivering security services. When you are challenged on the “why” behind a reduction in administrative rights, you now have something tangible to refer to rather than trying to educate one engineer at a time.

2: A Policy Presents an Opportunity to Lead the Security Conversation

The process of documenting, socializing and getting an executive endorsement of a security policy is an often overlooked opportunity to engage executive leadership in a conversation about security. At the top of every organization, busy executives have many number one priorities and getting security onto their already overcrowded plate is difficult, even in the age of continuous front-page data breach headlines. Creating a security policy presents an opportunity to lead the security conversation in a way that ensures the most important security agenda items are the focus of the discussion, rather than headlines about the most recent breach that may or may not be relevant to your organization.

3: A Policy Can Help Drive Resource Allocation

When endorsed and published, a policy can help drive resource allocation. Advocating for resources is often easier when the reasons for the “ask” are anchored in compliance requirements. Compliance might not be as thrilling a topic as nation-state attackers, but executives understand compliance better than they ever will advanced persistent threats. You should leverage that executive understanding to secure the resources you need to accomplish your mission.

In an overworked and under-resourced security organization, I completely understand the tendency to focus on “doing things” rather than documenting things, but that approach will keep you on the hamster wheel and in the long run hobble your opportunity for success.

Don’t Know Where To Start?

CyberSheath’s Strategic Security Planning service will assist you in successfully creating a policy for your business that will materially improve security. A security policy can be the first step in your journey to an optimized information security environment and the foundation necessary to promote the endorsed support of your executive leadership.
