Implementing a Security Policy Within an Organization

Tags: framework, Implementation, Security, Security policy
Hello everyone,

My name is Trevor, and I'm a student at UAT, doing some research on different implementation frameworks for establishing a security policy.  In particular, I came across the SKiP (Security Knowledge in Practice) framework, and saw some advantages and disadvantages.

This framework has 6 separate steps to help with the implementation, including portions dedicated to picking vendors, as well as hardening and securing your own network.  Unfortunately, what it lacks, like many frameworks and standards, is any sort of technical direction.

I was wondering if there is anyone out there that has experience with this implementation framework.  Does it play out as practically as it sounds, or is it more difficult than it should be?

I'd love to hear from you.  Thanks!
ASKED: October 30, 2013  1:16 AM

Discuss This Question: 1  Reply

 
  • Kevin Beaver
    I'm not familiar with this framework but do know that most people either 1) ignore security policies and have none or 2) lend too much credence to the policies and rely on them completely. Both are bad for business.

    Technical direction needs to come from competent leaders and technical folks serving on a well-run and healthy security committee (which I rarely see). Do the best you can with policies but don't spend too much time on them...it's better to focus your time/effort/money on fixing the flaws that are still there that otherwise weak policies claim to disallow or prevent.

    Here are some security policy templates and resources I've written for TechTarget and others over the years that may help.