IPSEC Security Policy Framework
The dramatic increase in information security solutions deployed within organisations has created an unsustainable situation for IT departments. The need to tactically respond to new security threats has ensured that organisational security solutions have not been implemented with any strategic direction or oversight.
The IPSec Security Policy Framework (ipsecSPF) is designed to deliver a sustainable, manageable, scalable and usable information asset protection policy set capable of providing a strategic basis for protecting the assets, systems, processes, people and the reputation of the organisation.
Organisations that adopt the ipsecSPF are able to rapidly achieve policy compliance with Australian Standards for information security management, yielding immediate outcomes for the organisation’s information environment’s security mechanisms.
By utilising a well structured, hierarchical framework, the ipsecSPF has the flexibility to fit almost any organisation, without introducing a burdensome engagement that dramatically impacts the resources of the organisation.
Addressing important security & risk management issues, such as Change Management, Access Control, Acquisition & Disposal of Assets, Asset Classification, Physical Security, Network Security and many other related issues, the ipsecSPF is able to deliver a strategic direction to the organisation’s security requirements.
Policy structure is key to its usability and flexibility. The ipsecSPF structure provides a tiered, hierarchical relationship between all components of the policy. Such a structure permits the organisation to delegate ownership and implementation issues as well as permit users of the policy to easily navigate to the requirements they require.
Designed to meet the requirements of the Australian Standard for Information Security Management, AS/NZS 27001:2006, the ipsecSPF is designed to deliver a compliant policy strategic outcome with a minimum impact on the organisation.
The ipsecSPF is designed for use by people. By using plain-English language terms and having a well structured policy the organisation is able to ensure the best chance that their staff, and other impacted parties are able to understand what is expected of them when within the organisation’s environment(s).
By adopting the ipsecSPF the organisation acquires access to a flexible strategic policy solution capable of adapting to the organisation’s specific needs. Additionally the ipsecSPF is able to provide strategic security direction independent of the evolution of technology and threats ensuring that the organisation does not need to update the policy every time a new technology enters the environment.
Organisations dealing regularly with auditors know the frustration of ever changing criteria for assessment that evolve with the latest technology and threat trends. The ipsecSPF’s decoupling of technology & threats from strategic policy ensures the organisation can manage their audit requirements in a more strategic manner and fulfil the needs of their risk management requirements with a unified, operational centric, mechanism.
By adopting the ipsecSPF your organisation will be provided with a complete ipsecSPF framework including policy set documents and AS/NZS27001:2006 alignment matrix. Your organisation will be provided with license to adjust and maintain the policy set as you see fit for organisational use (not for use by other organisations).