株式会社グローバルインフォメーション
TEL: 044-952-0102
表紙
市場調査レポート

セキュリティポリシーの策定と展開

Develop and Deploy Security Policies

発行 Info-Tech Research Group 商品コード 603325
出版日 ページ情報 英文 75 Pages
納期: 即日から翌営業日
価格
本日の銀行送金レート: 1USD=111.17円で換算しております。
Back to Top
セキュリティポリシーの策定と展開 Develop and Deploy Security Policies
出版日: 2017年11月13日 ページ情報: 英文 75 Pages
概要

当レポートは、セキュリティポリシーを最初から開発する場合にも、既存の態勢を最適かつ最新のものにしていく場合にも利用可能です。

セキュリティポリシーを開発するメリット

  • セキュリティ面の全般的な態勢の強化:問題をいち早く回避することで、セキュリティインシデントの件数を減らし、アプリケーションの稼働時間を伸ばすことができます。
  • 監査と法令遵守の要求事項に対する備えを強化することができます。
  • 業務効率を高めることができます。
  • 説明責任への対応を改善することができます。

本調査レポートの特長

  • 作成済みのテンプレート (ベストプラクティスとInfo-Techの経験に基づいています) を利用することができます。
  • ポリシー開発に関連する全体的なプロセスを把握することができます。
  • 効果的な意思疎通とポリシーの実施に向けた戦略を推進することができます。
  • アナリストの協力を得ながら質の高いポリシーを実現することができます。

本調査レポートは、以下のような場面でセキュリティ部門の責任者を支援することができるよう考えられています:

  • 必要に応じ非公式のセキュリティポリシーを臨時に導入する。
  • 現在のポリシーでは法令遵守と説明責任を実現できない。
  • ポリシーが古くて不適切なものになっている。
  • セキュリティポリシーの監査に備える。

当レポートには、ベストプラクティスについての調査、ケーススタディ、ITポリシーのテンプレートなどがWord形式のファイルで入っており、プロジェクトを立ち上げる際に役立てることができます。また、セキュリティポリシーの優先順位設定とITポリシープログラムの成熟度評価に対応するExcelベースの2種類のツールも利用可能です。

目次
Product Code: 75660

A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.

The policy allows employees to know what is required of them and allows management to monitor and audit their security practices against a standard policy.

Formally documented policies are often required for compliance with regulations.

The development of the policy documents is an ambitious task, but the real challenge comes later in the process.

Unless the policies are effectively communicated, enforced, and updated employees won't know what's required of them and will not comply with essential standards, making the policies powerless.

86% of companies have security policies but only 40% of non-IT employees are aware of these policies. 46% of companies reported insufficient time and resources to update or implement policies. 77% of IT professionals believe their policies need improvement and updting.

This blueprint applies to you whether your needs are developing policies from scratch or optimizing and updating your security posture.

Value of developing security policies:

  • Enhanced overall security posture: fewer security incidents and more uptime of applications, as issues are pre-emptively avoided.
  • Better prepared for auditing and compliance requirements.
  • Increased operational efficiency.
  • Increased accountability.

Value of Info-Tech's security policy blueprint:

  • Pre-made templates (based on best practices and our experience).
  • Comprehensive process surrounding policy development.
  • Strategy around effective communication and enforcement of policies.
  • Opportunity to work with an analyst to guarantee policy quality.

Short term: Save time and money using the templates provided to create your own customized security policies.

Long term: After the initial policy development, minimal updates will be required to ensure the policy remains up to date. Long-term maintenance and compliance of the policy will ensure legal and corporate satisfaction of security measures.

This research is designed for a Security leader who is dealing with the following:

  • Informal, ad hoc security policies (if any).
  • Lack of compliance and accountability with current policies.
  • Out-of-date and irrelevant policies.
  • Preparing for an audit of security policies.

The blueprint includes best-practice research, case studies, and IT policy templates in Word to help you get your project started. Also included two Excel based tools to prioritize security policies and assess the maturity of your IT policy program.

Executive Summary

This research will help you:

  • 1. Identify and develop security policies that are essential to your organization's objectives.
  • 2. Verify and optimize proposed policies.
  • 3. Integrate security into your corporate culture while maximizing compliance and the effectiveness of the security policies.
  • 4. Maintain and update the policies as needed.

Situation:

  • Security breaches are inevitable and costly. Standard policies and procedures must be in place to limit the likelihood of occurrences and ensure there are processes to deal with issues efficiently and effectively.
  • Time and money are wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy.

Complication:

  • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities and compliance requirements, are rarely comprehensive, and are inefficient to revise and maintain.
  • End users do not traditionally comply with security policies. Awareness and understanding of what the security policy's purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
  • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow.

Resolution:

  • Comprehensively developed and effectively deployed security policies enable IT professionals to work proactively rather than reactively, benefitting the entire organization, not only IT. Formally documented and enforced policies are key to demonstrate due diligence, proactive threat reduction, and overall compliance consistency.
Back to Top