Updating of security procedures policy
If your data management practices are not already covered by regulations, consider the value of the following: Protecting your data means protecting its confidentiality, integrity, and availability as illustrated by the C-I-A triangle (Figure 1).The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill.If you have a security program and you do experience a loss that has legal consequences, your written program can be used as evidence that you were diligent in protecting your data and following industry best practices.
And even though it is the weakest link, it is often overlooked in security programs. Every employee needs to be aware of his or her roles and responsibilities when it comes to security.
The policies and procedures component is the place where you get to decide what to do about them.
Areas that your program should cover include the following: 4.
No matter how large or small your company is, you need to have a plan to ensure the security of your information assets.
Such a plan is called a security program by information security professionals.