HOffice ProServ
Merging cybersecurity best practices with today's flexible home office staff
Information Security (IS) Program Considerations
Due Diligence
Occurs when an organization actively gathers the information and applies the activity that is required to meet and comply with (or exceed) industry, state, or federal best practices, rules, or regulations. This information is integrated into policies and guides. Example: A policy requiring, and the action of conducting, an annual security audit.
Due Care
Occurs when an organization actively performs the activity required to meet established policies and guides. In addition, due care is about taking immediate responsibility for correcting and/or implementing something to correct a deficiency, or in response to an event or incident. Example: Corrective activity taken as a result of the annual security audit.
The responsible actions taken by an organization (ref: Due Diligence and Due Care) can greatly impact the results, trustworthiness, and legal outcome for an organization should an event or incident occur. Therefore, in the following section, we will identify how an organization can include the HOffice when identifying business requirements and building an IS program, and the importance of effectively communicating with leadership, employees, and partners.
On the administrative side of things, the IS program is critical to defining the expected behavior of employees and business processes; guiding the development, deployment, behavior, and management of security controls; and identifying how the organization will respond to events and incidents. Regardless of its size or the industry it operates in or with, the IS program identifies the organization's commitment to the protection of the information it stores, processes, transmits, or otherwise controls for itself, partners, and customers.
Business Requirements
Every business should have established requirements defined by key stakeholders. These requirements should be integrated into business processes and projects to ensure that objectives are met within established parameters.
While this section is not intended to be an all-encompassing lecture on how to establish requirements, we do want to ensure that leaders and project managers understand the importance of fully integrating business requirements into the IS program.
Building an IS Program
Building an effective IS program is focused on identifying, classifying, and establishing how to protect information. In today's modern workplace, technology plays an integral role in how the aforementioned objectives are met. However, technology should remain as the tool(s) used to manage the most critical asset: data.
Although we may cover areas that should be included in an IS program, the details in this section will be focused on security control implementation considerations when dealing with HOffice businesses and users.
Effective Communication
Communication of the IS program, its principles, and its expectations is key to making the program effective and efficient. Remember that an IS program should be dynamic, because technology, business requirements, information control, rules and regulations, and many other factors change over time. Changes must be made, and those changes must be communicated.
Personnel are the key to any business. An effective communication program can reduce misunderstandings while fulfilling employees' need to know what is expected of them, which can lead to a more satisfying work environment.