IT POLICY SYSTEM DEVELOPMENT AND
DEPLOYMENT
Case Study: Kaon Security Ltd and Nillumbik Shire Council
WHO ARE WE?KAON SECURITY LTD Formed in 2004 Specialise in IT Policy Development, IT Auditing and Consulting Over 50 IT Policy Customers in both NZ and Australia Better known for our role in helping Ballarat City Council and Golden Plains Shire Council manage the 2010 security breach
POLICY Needs to be accessible to all Appropriate to the organisation Reviewed regularly Meet organisational regulatory compliance and legislative requirements Policy defines the “What” and “Who” Procedure defines the “How” Critical to managing your IT environment
INFORMATION SYSTEMS SECURITY CYCLE
6Monitor
Compliance
1Audit
2ReviewPolicies
4ImplementPolicies
3InstructStaff
IT System Security5
DocumentProcedures
6Monitor
Compliance
1Audit
2ReviewPolicies
4ImplementPolicies
3InstructStaff
IT System Security5
DocumentProcedures
1Define orRedefine
Policy
2Create
Procedure
3Implement
Technology
4Advise Staff
5Audit for
Compliance
6Identify Issues
WHY OUTSOURCE? Policy development is time consuming Low on the priority “to do” list Hard to get started with a blank canvas Writing Policy is not exciting, its not cool and its not going to make you popular with the user community IT doesn’t want to appear as the “IT Police” The IT - HR disconnect Regulatory compliance adds complexity Auditors and Risk Managers requirements
POLICYAn example of good policy documentation
Nillumbik Shire CouncilInformation and Technology
Policy System(Note: These slides are a partial extract from the system)
NILLUMBIK SHIRE COUNCIL
How We Got ThereTrish Spiteri
NILLUMBIK SHIRE COUNCIL
The Process with Kaon Security
Questionnaire completed First draft prepared Onsite review conducted over 2 days Final version received Maintenance to allow further changes anytime Implementation guidelines provided
NILLUMBIK SHIRE COUNCIL Benefits
Cost effective and saves time Simple process that delivers an end result Review process identifies gaps between policy and practice Links policy, procedure and other documents Easy to deploy No training required for users IT Policies accessible to all Consistent rules and guidelines across Council Maintenance options to keep up to date Big tick from Auditors
THE ENDContacts
Kaon Security Ltd – www.kaonsecurity.comJackie Krzyzewski - [email protected]
Nillumbik Shire CouncilTrish Spiteri – [email protected]
Top Related