Infoskill principals have a strong background in security and audit that has been gained over the years working with major financial organizations. Managing security platforms in enterprise systems for many years for financial organizations gave our principals an appreciation of the importance of privacy and confidentiality. Our teams have a full understanding of ten well known disciplines of security: (1) Access Control Systems & Methodologies, (2) Telecommunications & Network Security, (3) Secure Management Principles, (4) Application & System Development, (5) Cryptography, (6) Security Architecture & Models, (7) Operations Security, (8) Disaster Recovery & Business Continuity Planning, (9) Law, Investigation, & Ethics, and (10) Physical Security. The Infoskill team strongly advocates that there is no magic bullet for security, and focuses on a holistic approach that is integrated into the strategic and tactical goals of any organization in a top-down approach.   Security Policies and Compliance Information security policies are designed to provide a blueprint or roadmap for an organization’s security management. Our teams focus on what is being protected in your organization with strong security awareness in order to mitigate risks. Security policies also need to be addressed by a top-down level approach that requires strong senior management commitment. We, at Infoskill, believe in writing many short security policies rather than a long security policy that will be put on a shelf and capture dust until there is a security problem or a formal or informal audit. Long security policies are not only hard to remember for employees, but also become cumbersome to maintain. The majority of our clients emphasize security awareness and training and take the first step as introducing security policies with a kick-off session with formal employee sign-off, integrating them to their employment processes so that every new employee is taken through the security awareness training. Acceptable Use of Technology, Network Access Policy, eMail Policy, and AntiVirus and Malware Protection Policy are among the policies that we have prepared and implemented at our clients like Gay Lea Foods, and TOA Canada Corporation. “Acceptable Use of Technology” policy covers Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP. “Network Access Policy” covers accessing electronic data in the form of files by creating a connection between the users computer and hosting environment being either a data server, mail server or the internet. “eMail Policy” discusses the rules and guidelines on eMail; when an eMail is sent from an organization, the general public will tend to view that message as an official statement from the organization, therefore eMail policy is designed to prevent damaging the public image of an organization. Further, this policy covers monitoring of email and personal use of email by employees. “AntiVirus and Malware Protection Policy” is designed to explain the anti-virus program, methods, processes and procedures to minimize the impact of these to an organization. The purpose of this policy is to outline the principles of avoiding and eliminating viruses, worms, and other malware. Understanding and complying with this policy is essential to ensure that the protection acquired is adequate for an organization. back to Security   Trademark Acknowledgements Any company, product or service names are trademarks or service marks of their respective companies.