Skip to main content
How Can We Help?
IT Services
Back
IT Consulting
Back
IT Strategy
Assessments
Audit Readiness
IT Governance & Security
Professional Services
Back
Project Implementation
IT Staff Augmentation
Development
Managed IT Services
Back
OnDemand Access
OnDemand Assurance
Technology Solutions
Back
Collaboration
Back
Unified Communications
Contact Center
Conferencing
Networking
Back
Enterprise Networking
Mobility & WiFi
IoT Network
Software Defined Networking
Data Center
Back
Data Center Networking
Compute
Converged Hyperconverged
Data Storage
Data Protection
Cloud Solutions
Cybersecurity
Back
Network Access Control
Endpoint Protection
Cloud Security
Identity Management
Threat Intelligence
Industries
Back
Healthcare
State & Local Government
Education
Manufacturing
Service Provider
Retail
Financial Services
Learning Center
Back
Blogs
Videos
eBooks
Tools
Pricing
About
Back
Our Company
Our Process
Why IE
Customer Experience
Corporate Social Responsibility
Partners
Events
Careers
Contact
MyIE Login
OnDemand Login
How Can We Help?

Blog

Internetwork Engineering

Want to learn more about network consulting and all things Information Technology? Follow our blog for up-to-date insights and information.

Desirée M. Ericksen, CISSP

Blog Feature

Data Protection | Cybersecurity

How Security Policies, Standards, Procedures, and Guidelines Protect Your Business Operations

By: Desirée M. Ericksen, CISSP
September 2nd, 2021

Disclaimer: To protect the privacy of a former client, I have changed key details of this story, however the main sentiment and methods remain the same. A few years ago, I orchestrated a jewel heist. Yes, you read that correctly. While claiming a mysterious former life of crime is always intriguing, the truth is it was all in the name of compliance and I had explicit (albeit less interesting) permission from the jeweler's CEO. Don’t get me wrong, I was no Box Man in this scenario. I didn’t need to be, especially since I’d been privy to the common security inconsistencies of the jeweler in question. My job was to create, deploy, and enforce security procedures. When I’d noticed that the employees had not been following these procedures as strictly as I’d recommended...I had to try a different tactic. I made my point the day I smuggled $20,000 in inventory from the main vault. The loss was enough to constitute a termination, and somehow this made them keener to heed my security warnings. They’d made a major procedural mistake by leaving the keys and safe combo in the same location. They’d served me the keys to the kingdom on a silver platter. It was the easiest $20,000 I’d ever made and my oh my did they learn their lesson! For the record, I returned the assets, but taking them had been too easy and it troubled me. In my experience as a compliance expert, I’ve seen lax attitudes and confusion surrounding information security programs. More specifically: the policies, standards, procedures, and guidelines that make up the program. While these components are often (wrongly) used interchangeably, there are very distinct differences between them, and each one should be taken seriously to maintain security protocols and protect your organization. Clearly defining the roles of each of these components and enforcing them within your workplace are essential for upholding a strong security posture. Before we dive into differentiating these four components, we need to first understand what an information security program is and why it is critical for your overall business operations.

Read More

All posts