top of page

Information Security Policy

Based on the Security Capability Maturity Model (SCMM) with 5 levels, here is how s3k Global LLC 's information security policy rates:

  1. Initial (Ad hoc and Chaotic): Few policies that may be inconsistently applied.

  2. Managed (Project-Level): Unstandardized policies but documented.  

  3. Defined (Organizational Standards): Standardized policies and procedures with employee’s awareness.

  4. Quantitatively Managed (Measured and Controlled): Information security processes are managed through metrics and regular audits and reviews are conducted for compliance.

  5. Optimizing (Continuous Improvement): Via feedback and changing threats continuously.
     

Maturity Level: Defined (Level 3). Standardized policies, employees are trained, and procedures documented and communicated.

s3k Global LLC 's information security policy, though being comprehensive and as per with industry standards, still requires better quantitatively managed and optimized maturity level.

 

BCP and DRP updates

 

and training will

 

strengthen readiness for causes and incidents.

Doctor

Disaster Recovery Measures at s3k Global LLC: These measures include:

  1. Offsite Backups: Daily regular data backups are conducted.

  2. Redundant Data Centers: A warm site secondary data center model used.

  3. Automated Failover Systems: To switch operations to backup systems when any failure.

Regular Testing: For disaster recovery plans quarterly testing

  • “Found” USB Drive: Employees must place it in a secure envelope and deliver it to the IT Security Office and not insert the drive into any computer.

Reporting Process:

Virus Infection or Social-Engineering Phone Call: Reported immediately to the IT Helpdesk via a dedicated phone line or email (helpdesk@s3kglobal.com)

Information Security Policy: Industry Standards
bottom of page