Policy is the key driver to support the organization’s mission. To be successful in meeting the organization’s mission, we must be able to create the organization’s standards, procedures, and guidelines to support the organization’s mission. Security standards create uniform rules for everyone to follow. Security procedures create step-by-step activities that can be followed by support personnel to accomplish the mission. Security guidelines are recommendations to avoid any future discrepancies. Consequently, security standards, procedures, and guidelines support the organization’s policy. Security policies provide:
- Security practices aligned with the organization’s mission objectives.
- Proactive enterprise monitoring
- Streamlined security management by optimizing detection, prevention and deterrence processes
- Real-time monitoring as part of continuous monitoring initiatives
- Close integration with privacy act program implementation requirements
- Optimizing staffing for quick security incident resolutions
- Optimized process improvements using ITIL framework
The policy planning includes realistic and reliable overarching security policies and procedures, effective security postures, rapid security incident resolution and knowledgeable key personnel. We review current security policies and procedures against recent legislative and guidance changes to determine if any gaps have developed during the Align phase. Security procedures detail actions and requirements for all personnel involved in the use and support of the organization’s infrastructure components and capabilities. We continue to assess, review, and update policies and procedures as changes occur in the organization’s directives.