June 2001 Monthly Meeting

June 19, 2001

Implementing a Security Policy for Your Company 

Policies are often cited as the first, most critical component to any information security program. They provide the cornerstone of security by setting a baseline from which to operate. Without a baseline it is difficult, even impossible, to identify and correct deviations from appropriate activities in an organization.

The need for policies is clear. Policies set expectations for personnel, drive compliance with regulations, ensure consistency, provide education, and help manage business relationships. There are, however, many difficulties associated with policy management. In many cases, policies are inconsistently updated, improperly distributed, or sporadically maintained. In spite of the tremendous effort spent by some organizations to implement policies, they frequently end up ineffective, a casualty of daily business.

Come learn what the issues and pitfalls you will deal with when trying to implement a security policy.

About Jim Stracka:
Bio: Jim Stracka co-founded PentaSafe Security Technologies in February 1997 and served as a director and as its President until April 1998. Mr. Stracka has served as the Chief Technology Officer of PentaSafe since April 1998. Prior to co-founding PentaSafe, Mr. Stracka was a security consultant for many large companies in Houston. He is a regular speaker at CACS, COMMON, ISACA, and other Security events around the world and continues to provide consulting to CISOs and auditors at large accounting and Fortune 1000 firms worldwide.