June 2001 Monthly Meeting
June 19, 2001
a Security Policy for Your Company
Policies are often cited as the first,
most critical component to any information security program. They provide
the cornerstone of security by setting a baseline from which to operate.
Without a baseline it is difficult, even impossible, to identify and
correct deviations from appropriate activities in an organization.
The need for policies is clear. Policies
set expectations for personnel, drive compliance with regulations, ensure
consistency, provide education, and help manage business relationships.
There are, however, many difficulties associated with policy management.
In many cases, policies are inconsistently updated, improperly
distributed, or sporadically maintained. In spite of the tremendous effort
spent by some organizations to implement policies, they frequently end up
ineffective, a casualty of daily business.
Come learn what the issues and pitfalls
you will deal with when trying to implement a security policy.
Bio: Jim Stracka co-founded PentaSafe Security
Technologies in February 1997 and served as a director and as its
President until April 1998. Mr. Stracka has served as the Chief Technology
Officer of PentaSafe since April 1998. Prior to co-founding PentaSafe, Mr.
Stracka was a security consultant for many large companies in Houston. He
is a regular speaker at CACS, COMMON, ISACA, and other Security events
around the world and continues to provide consulting to CISOs and auditors
at large accounting and Fortune 1000 firms worldwide.