Operational Security

ResoluteGuard will work with you to develop your organization’s Operational Security Policy to provide for a secure, efficient environment.

Securing your organization’s network infrastructure, involves the creation, continuous updating, and enforcement of operational security controls such as policies, standards, procedures and guidelines. In addition, guideline documents can prove to be highly beneficial to the efficiency and fluency of your organization.

Many organizations lack an efficient Security Awareness Training program, or do not have one at all. Those that do have one, even one that is updated regularly, often have no policy in place that mandates users partake in such trainings during the on-boarding process, at set intervals, and as a result of a security incident.

The creation, maintenance, and enforcement of policies is integral to an organization. Policies serve as guiding documents for several general organizational functions. Additionally, they may serve as the basis for current or future procedural and guideline documents. Policies like an Acceptable Use Policy or a Mobile Device Policy serve as foundational documents and provide users with the reason(s) why they must adhere to the enforced operational controls.


Standards define the minimal set of low-level controls employed within an organization. Standards are a vital part of developing, hardening, and maintaining the security posture of an organization. Standards can be set by regulatory bodies (i.e., for organizations within the healthcare industry, etc.) or can be set by upper management. Standards in most organizations include simple, basic standards such as password complexity standards or a hardened image of an end-user device. Standards simplify an organization in maintaining consistency.


Procedures are documents that are often derived from a policy that consist of step-by-step instructions to assist an organization’s users in achieving a specific goal or to assist employees in performing actions such as reporting a phishing e-mail. Procedures are specific in nature in that they detail exactly what to do and how to do it. Procedures provide the user with a proper set of instructions to following to achieve a desired end-result.


Guidelines are non-mandatory sets of instructions that describe how something should be done; the proper steps to follow to achieve a desired end-result.

The regular training and education of your employees/users regarding past, current, as well as new and emerging threats is imperative for an organization’s success. After all, we are all human and we all make mistakes. The creation, maintenance, and enforcement of policies, procedures, and guidelines as well as the existence of standards—is essential to increasing operational efficiency, maintaining security, and ensuring consistent operations.