Information Security Policies and Compliance Pentasafe - Philadelphia Conshohocken Delaware Valley PA USA

Information Security Policies = Human Firewall

Security of information involves both technology and people. Mixing the two together dramatically increases your organization's chance of security breaches. This threatens the availability and security of your own data and systems, as well as that of any client data with which you are entrusted.

PEOPLE + TECHNOLOGY = RISK TO YOUR ORGANIZATION

Statistics show that over 80% of all serious security violations today come from inside the organization. A firewall alone can't stop your users from downloading unsafe files from the internet, surfing risqué sites, sending offensive emails through the corporate mail server, or wasting hours of time every day on unproductive tasks.

Nor can a firewall protect valuable and sensitive information from a disgruntled ex-employee whose username and password still exist, or from a temporary worker who "borrowed" someone else's login last month when he worked for you and this week works for your competitor, or from hackers and spies who know how to take advantage of your organization's security lapses.

Information security is so important that it is now a business issue, and not just a technical one. The lifeblood of corporations has become their information assets and systems. Protecting these assets should be one of a company's primary strategic policy decisions.

Try asking yourself these questions:

  • How do you currently distribute your policies to your users? (Many enterprise-level organizations send email. Do you think that's adequate? How do you know they were received, read, and understood?)
  • Do your users know your security policies today? (Does a signature on the last page of your company manual prove anything? Have any of your policies changed since that paper was signed?)
  • Can you prove that your users know and understand your security policies? (most organizations can't)
  • How well does your technology comply with your written policies? (another good question)
  • If you were sued because an employee sent offensive emails from work, how would you document the distribution and comprehension testing of your information security policies?

Pentasafe's VigilEnt Policy Center (VPC) puts you in control of Security Policy:

  • Creation
  • Distribution
  • Education
  • Compliance Testing
  • Tracking

What is VPC, and What Can It Do?

VigilEnt Policy Center now makes it possible to manage security policy dynamically so that you can create, distribute, educate, and track understanding of your information security policies for all employees in your organization. It enables you to keep policies up to date, change them quickly as needed, and ensure that they are being understood properly, all through a new automated, interactive, web-based software application.

The VigilEnt Policy Center features best-practice information security policies from expert Charles Cresson Wood, built into the software. Guided by the policy document wizard, you can easily create policies, edit them, and distribute them for review, often in less than a day. Or, you can import your own security policies and quickly check them against best practices and make modifications.

As a subscription service, you also get regular policy updates to alert you to the latest risks and regulatory changes that might affect your security policies.

Once policies are approved, they can be distributed to employees and others via a customizable user portal, which is provided as part of the VPC software. Your employees, sub-contractors, and trusted partners can be alerted to a new policy posting by any of a number of means, and can then authenticate and log on to view policies at any time.

After reading the policies, the users then take an online quiz to test their understanding and comprehension and get immediate feedback on their scores. The administrator can remediate users whose scores indicate lack of adequate comprehension, and even go so far as to deny network resources to users who fail to achieve required minimum scores.

NOW YOU CAN ACTUALLY TEST, EVALUATE, AND REPORT ON EMPLOYEE UNDERSTANDING OF SECURITY POLICIES.

The VigilEnt Policy Center can generate reports for your auditors and management team that give the status of any user or group of users. Policy reports detail which policies have been read, which quizzes have been taken, and scoring results so you can confidently answer questions like, “Have all our employees read and understood our new email policy?”

The Litigation Issues of Weak Policies

Real World Cases of Missing Policies

One of the Few Really Good White Papers You'll Ever Read, Pentasafe's "Human FireWall" Paper (pdf)
