Yaakov's Group | Ciberseguridad


Practical, well-written information security policies are key to running an effective information security program. These policies define expectations for information security and how it will protect sensitive information. They guide the behavior of your IT staff and employees and form the basis of your organization’s operational procedures and standards.



Whether you’re a large Fortune 100 company or a small mom-and-pop shop, thorough, clear and concise policies act as a road map to help your organization navigate around obstacles. Policies drive behavior and practices, giving guidance to your employees for day-to-day activities and provide structure to get you back on track after a security incident, such as a virus outbreak or data breach. Some organizations might be tempted to take the shortcut of using prewritten “form-letter” policies, but these traditionally suffer from the extremes of being too cumbersome or incomplete. After all, a policy that is too strenuous or doesn’t fit the particulars of your organization will never be used, potentially resulting in legal and compliance complications. By investing time and effort in carefully creating and examining policies—as well as educating your employees on those policies—you can avoid investing exponentially more time and effort dealing with an intrusion or breach.


With our information security knowledge and years of experience, we’ve seen hundreds of policies. This gives us expert insight on key topics and the ability to provide examples of policies that have worked well for organizations similar to yours. Our policies and policy reviews are based on industry requirements such as GLBA, HIPAA/HITECH, or PCI DSS and general information security best practices, covering both technical and operational topics, including:

  • User access rights
  • Acceptable use policies
  • Network design and segmentation
  • System configuration
  • System patching and configuration management
  • Secure application coding
  • Physical and electronic access controls
  • Event logging and review
  • System security testing
  • Firewall configuration
  • Sensitive data minimization
  • Sensitive data encryption (at rest and during transmission)
  • Anti-virus systems
  • Security log reviews
  • Security information retention
  • Incident response

Would you like more information about this and other services?