Start with Policies
Executive management knows that they need security controls to protect the organization's sensitive information and intellectual property. Unfortunately, many businesses use an ad-hoc approach to securing information, installing firewalls, anti-virus software, and other controls without a top down planned approach to managing risks.
Security controls include administrative, technical, and physical mechanisms to manage risks. Security policies are essential to an effective security system and express management’s direction and guidance to implementing, maintaining, and improving an information security management system. Security policies include access controls, managing passwords, patch management, monitoring systems, business continuity, compliance, and many other areas.
Security policy templates provide a top down planned approach to information security, helping organizations implement and improve their controls.