Forum for Information Security :: Security Policies - Worth the trouble? :: July

Assurance & ComplianceJuly 7, 2005 12:42 pm

No one wants to write security policies, but every company needs one. Right?

Here is an example of what to avoid:

The general process is that the person assigned will copy a policy from another company, change the names, and submit it for acceptance. The result is that no requirements were identified, no issues were properly addressed, and a solution that was specifically developed for another company has been used as a best hope of solving the current company’s requirements.

A robust IT security policy is key to any enterprise IT security program. If there are flaws and loopholes in the security policy, then these problems are likely to get compunded later.

Food for thought…

RiOn

Comments »

The URI to TrackBack this entry is: http://mielesecurity.blogsome.com/2005/07/07/security-policies-worth-the-trouble/trackback/

No comments yet.

RSS feed for comments on this post.

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

M	T	W	T	F	S	S
				Aug »
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Forum for Information Security

Comments »

Leave a comment

Links:

Categories:

Search:

Archives:

Most Recent Posts

Most Popular Posts

Other:

Meta: