Security policies get Infosec focus


Security policies get Infosec focus

A discussion on security policies at the Infosec World conference in Orlando suggested focus and simplicity are key elements in developing and implementing companywide information security policies.

Anish Bhimani, chief information security officer at JPMorgan Chase, urged companies to “be crystal clear what your objectives are” and spell them out in a policy that is easily read and understood by other workers, while avoiding developing a “laundry list” of overly specific compliance items that will be hard to enforce.

JPMorgan Chase has adopted a relatively short list of “must comply with” information security policy items that incorporate the company’s high-level data protection goals, but has implemented a broader set of “should comply with” items that are more difficult to meet.

Security policies need to be easily enforceable to be effective, according to Philip Maier, vice-president of the information security, emerging technology and network group at Inovant, which is Visa’s IT unit. He suggests vetting all policies with an enforcement group to ensure there's a realistic way for them to be enforced.

Another issue for multinational companies with global operations is to write security policies that retain the same meaning across different languages.

Security policies are the area of security that are most forgotten by companies, yet are often the most important. Some clear advice from JPMorgan Chase and Visa is welcome.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy