The benefits of Information Security for small and medium businesses are many. In addition to helping your bottom line, having a Written Information Security Program (WISP) is considered a standard necessity for businesses. The most common need comes from laws or industry regulations, but a WISP is now also commonly required to meet the demands of customers, partners, and investors.
Since the WISP is customized to your company, you can put it to immediate use to:
- Decrease costs:
  - Less reactive IT support (malware)
  - More efficient operations
  - Better accountability of assets & resources
- Improve productivity:
  - Decreased distractions with a better performing network & computers
  - Decreased virus & spyware outbreaks
- Mitigate risks:
  - Having documentation to prove due care and due diligence
  - Laying the foundation for a viable information security strategy
  - Educate users on proper and secure habits
  - Steps to “harden” network and systems to prevent security incidents
  - Assign an employee as the designated Information Security Officer (ISO)
  - Have employees acknowledge policies with a prepared signoff form
- Meet compliance requirements:
  - Payment Card Industry Data Security Standard (PCI DSS)
  - Gramm-Leach-Bliley Act (GLBA)
  - Fair & Accurate Credit Transactions Act (FACTA)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Sarbanes-Oxley Act (SOX)
  - DoD Information Assurance Certification & Accreditation Process (DIACAP)
  - Oregon Identity Theft Protection Act SB583
  - Massachusetts 201 CMR 17.00
- Meet audit requirements:
  - COBIT / SAS 70
  - ISO 17799 / 27000