Security Policy Review Timelines

By: Dr. Gene Lloyd

How often do you review your network security policies? How often do you look through the details of these policies and update the content to reflect the current state of the organization and the current state of technological capabilities? Technology changes so fast that any policy based on technological capabilities or an individual’s use of those capabilities should be reviewed on a regular and recurring basis. Many organizations will develop these policies and then sit them on the shelf for a year or more before they take the time to conduct a proper review; this can be disastrous! So much can change on a network within the span of a year, and so much can change in hacker capabilities within that same year. These types of policies should be reviewed and updated at least once per quarter to stay current and relevant to the current state of the network.

I wrote in an earlier article that your security policies don’t need to be long. I think the reason so many organizations have longer periods in between reviews is because no one wants to try to update a long policy. But if you take my earlier advice and shorten these policies to a more reasonable length, the review process can be very simple.

I suggest that you look for 3 things during these reviews. First, eliminate any requirements based on specific software/hardware/systems that are no longer in use, and add in specific requirements for new software/hardware/systems. Second, ensure the expectations of user behavior are current. And third, look for any glaring omissions that should have previously been included but were overlooked. This quick review can be accomplished in about 30 minutes, and afterwards, you can be confident that you have an up-to-date policy for users to follow. Policy development and updates shouldn’t be an ominous task; it can be quite easy when we take the time to keep them current.

The Lloyd Research Institute has a lot of expertise in developing sound policies for network security and can help you think through this in a way that makes sense. Contact us today for a free consultation and to get the ball rolling on making your policies more effective.

 
