|
The Written Information Security Program (WISP) is something applicable to every business. It is written in a manner that it is customized to your company. You will be armed with the policies, procedures, standards, and guidelines required to properly educate your employees to their responsibilities and to provide documentation of your standards.
Your WISP will contain your logo on the front cover and the document is written from your company's perspective, incorporating your company's name throughout the document. This helps employees "take ownership" of the document and abide by the policies.
Small and medium businesses have always been at a disadvantage when it comes to securing their networks from threats. Generally, the lack of expertise and staffing are the contributing factors, but the overwhelming issue is a false sense of security. This false sense of security comes from business owners not asking the question of what issues they should be compliant with and from the IT provider or staff not being proactive and bringing up compliance issues to management. This “don’t ask, don’t tell” scenario creates a dangerous set of assumptions that can potentially put the company out of business. Unfortunately, ignorance is neither bliss, nor is it an excuse! What your employees do not know has the proven ability to hurt your company. In terms of liability for a company, security does not exist until it is documented.
It is well documented that the lack of standards and lack of employee awareness are the leading causes of security breaches, malware infections (e.g. viruses & spyware), and identity theft. If you have 2 or more employees, a WISP is just as important as the professional liability insurance you carry on your business.
The benefits of Information Security for small and medium businesses are many:
- Decreased costs - less reactive IT support
- Improved productivity - decreased distractions
- Decreased virus & spyware outbreaks
- More efficient operations
- Better performing network & computers
- Better accountability of assets & resources
- Better educated & trained employees
Written Information Security Program (WISP) highlights:
- Easy to implement & tailored to your company
- Policies are based on ISO 17799 / 27002
- 39 topics specifically tailored for small to medium businesses
- Covers the PCI DSS, GLBA, SOX, HIPAA, FACTA and more!
- Identifies administrative, technical and physical factors associated with Information Security
- Provides standards for both assessing risk and hardening of networks and systems
- Comprehensive encryption procedures
- Ongoing user education and security awareness training
- Incident response procedures
- Procedures to audit user accounts and deal with terminated employees
- Includes Information Security Officer (ISO) appointment orders, an employee acknowledgment form, and other useful forms to allow you to implement a complete Information Security program right away
|
