Security

Hi Friends,

I lead a small staff of in the finance sector and we need to establish our first IT security policy for our in-person team of ten. We actually outsource most of our IT needs but our auditor has asked us to create a formal policy for IT/cyber security. Would anyone here be willing to share examples or point me in the right direction for a starting point? We would need the most basic of policies to cover us for this. 

Any advice you can offer is appreciated!

Warmly,

Melissa  

------------------------------
Melissa Fader
Director of Operations
Council of Institutional Investors
Washington DC
(202) 822-0800 x7096
------------------------------

Melissa,

If you're interested, I'm happy to speak with you regarding how I help organizations in this area.  What's important about creating a security policy doc is to also help the organization know the things they really ought to be doing that they may not be doing.  In addition, IMHO, the most important security document for an organization is the right Acceptable Use Policy that all staff should understand.  Let me know if you'd like to talk or my calendly is https://calendly.com/cleartone.

------------------------------
Brian Scott
President / CTO / CISO
ClearTone Consulting LLC
Frederick MD
678-643-5593
------------------------------

Original Message:
Sent: Apr 04, 2024 04:57 PM
From: Melissa Fader
Subject: Small staff of 10 - Need to help my IT guy create an IT Security Policy- Any examples?

Hi Friends,

I lead a small staff of in the finance sector and we need to establish our first IT security policy for our in-person team of ten. We actually outsource most of our IT needs but our auditor has asked us to create a formal policy for IT/cyber security. Would anyone here be willing to share examples or point me in the right direction for a starting point? We would need the most basic of policies to cover us for this. 

Any advice you can offer is appreciated!

Warmly,

Melissa  

------------------------------
Melissa Fader
Director of Operations
Council of Institutional Investors
Washington DC
(202) 822-0800 x7096
------------------------------

Hi Melissa,

I would absolutely second speaking with Brian Scott, we're working with him currently and he is incredibly knowledgeable and thorough!  I might also suggest starting with ChatGPT to have it generate a generic security policy template for you as a starting point. You could even ask it to include relevant sections for the finance sector.  Whatever it produces should be considered a first draft and further revised to be specific to your organization, but it could be a good starting point and is certainly better than starting from scratch. 

Hope this helps!

------------------------------
Andy Lomasky
IT Director
PMMI
Herndon VA
(703) 243-8555
------------------------------

Original Message:
Sent: Apr 05, 2024 07:57 AM
From: Brian Scott
Subject: Small staff of 10 - Need to help my IT guy create an IT Security Policy- Any examples?

Melissa,

If you're interested, I'm happy to speak with you regarding how I help organizations in this area.  What's important about creating a security policy doc is to also help the organization know the things they really ought to be doing that they may not be doing.  In addition, IMHO, the most important security document for an organization is the right Acceptable Use Policy that all staff should understand.  Let me know if you'd like to talk or my calendly is https://calendly.com/cleartone.

------------------------------
Brian Scott
President / CTO / CISO
ClearTone Consulting LLC
Frederick MD
678-643-5593

Original Message:
Sent: Apr 04, 2024 04:57 PM
From: Melissa Fader
Subject: Small staff of 10 - Need to help my IT guy create an IT Security Policy- Any examples?

Hi Friends,

I lead a small staff of in the finance sector and we need to establish our first IT security policy for our in-person team of ten. We actually outsource most of our IT needs but our auditor has asked us to create a formal policy for IT/cyber security. Would anyone here be willing to share examples or point me in the right direction for a starting point? We would need the most basic of policies to cover us for this. 

Any advice you can offer is appreciated!

Warmly,

Melissa  

------------------------------
Melissa Fader
Director of Operations
Council of Institutional Investors
Washington DC
(202) 822-0800 x7096
------------------------------