Security Policies provide a documented framework for an organization’s cyber strategy, and create effective administrative, technical and physical protocols to reduce risk of cyber attacks.

Cybersafe provides the framework for keeping your organization’s overall security posture at a reasonable and appropriate level. In order to design and implement an effective security program, there must be an ongoing strategy that incorporates a top down approach that begins with your team. No matter how large or small your company is, a good Written Information Security Program (WISP) paints a big picture for how best to protect your company’s sensitive data.


5 Key Components of a Written Information Security Program (WISP)

1. Designated Security Officer
For regulated industries, it is a requirement to have a designated security officer in place that is responsible for coordinating and implementing your security program.

2. Risk Assessment
This component assesses the risks that your organization faces and what reasonable and appropriate steps need to be taken in order to mitigate the risk. This assessment allows you to prioritize and apply cost effective countermeasures.

3. Policies & Procedures
Once the risk assessment is completed, a written document that states how a company plans to protect the company’s digital assets is developed. This is a living document that is continuously updated as technology and employee requirements change.

4. Security Awareness Training
The human factor is the weakest link in the security chain. Every employee needs to be aware of his or her roles and responsibilities when it comes to security. All users need to have ongoing security awareness training to protect against social engineering attacks.

5. Regulatory & Audit Compliance
Organizations should not only comply with their own security program, but may also need to comply with federal and state regulatory bodies. Some of the regulatory standards that your organization must comply with is HIPAA, PCI, GLBA, Sarbanes-Oxley and FISMA. Periodic audits are necessary to assess the level of security in place, whether it’s been breached and to also make sure it complies with your security program.

Guiding policies for information security used to identify strengths and weaknesses within your organization.

Cybersafe’s team of cyber experts have developed and implemented hundreds of Written Information Security Programs
(WISP’s) in both the public and private sectors. One of the key components of an Information Security Program is
establishing an Information Security Policy that reflects the organization’s objectives as it pertains to security.

Prior to establishing an Information Security Policy, it’s critical we find out how management views security. While many security policies share common themes, we understand that each organization is unique and must develop its own set of policies customized to its distinct way of conducting business. It is important that an organization’s security policies always reflect actual practice to which everyone agrees and complies. Our team takes a holistic approach to implementing an Information Security Program that includes policies and procedures to protect the confidentiality, integrity and availability of an organizations’ sensitive data. The failure to protect all three of these aspects could result in legal liability, regulatory fines, loss of business and customer trust.