Home » Services » Information Assurance » Security Policy Development

Security Policy Development

Technology alone cannot establish and maintain secure Information systems and environments. Security policies are the cornerstone of an effective security program, defining objectives, assigning responsibilities, and providing direction to protect critical information. Creation and adoption of security policy is vital to an agency’s Information Security Management program.

Harris Information Technology Services Security Policy Development Services can assist in the identification, definition and promulgation of appropriate personnel and technical security policies that will establish and maintain sound organizational security practices.

Harris IT Services Policy Development Services are delivered by certified, experienced security professionals employing a three-phase approach, as described below:

Policy Assessment and Review
Many agencies have incomplete or disparate security policies that are not part of a cohesive and comprehensive security management program. Harris IT Services' policy assessment and review identifies outdated or incomplete policies, as well as any gaps in current policy coverage. Our typical policy assessment and review engagement includes:

  • Project team creation
  • Comprehensive review to understand organizational issues, objectives and priorities
  • Interviews with identified managers, technical staff and other security stakeholders

Policy Development
Harris IT Services works closely with agency representatives through all stages of the security policy development effort, from drafting policy language to gaining approval to policy distribution and education of agency personnel. Typical policy areas covered include:

  • Anti-Virus
  • Data Retention
  • Remote Access
  • Password
  • Wireless Security
  • Acceptable Use
  • Malware
  • Server Security
  • Router Security
  • VPN Security

Policy Maintenance
Development and distribution of security policies is only the start of ensuring the success of an information security management program. Harris IT Services can also assist with on-going to maintain and modify agency policies over time, as new technologies and issues arise within the computing environment.

Program Spotlight
Harris IT Services delivers Security Policy Development Services at Wright-Patterson AFB. Our staff has authored and implemented base-standard strategic documentation comprised of procedures, actions and fixes recommended by DoD-CERT and AFCERT, the Network Operations and Security Center (NOSC), and rules and guidelines from DoD 5200-28, DoD 5200-40, DITSCAP, and other authorities.

[Back]