Enterprise IT Watch Blog

Sep 29 2010   6:01AM GMT

Policies for the sake of policies

Kevin Beaver

Security policies are those “talk is cheap” enablers of compliance and risk management. The problem is they’re often poorly written, disjointed, inaccurate and so on – often creating the very risks they’re supposed to mitigate.

Everyone treats policies differently, so your needs and mileage will no doubt vary. For what it’s worth, I wrote an article for SearchEnterpriseDesktop.com regarding Windows desktop security policies. If you need to create your own policies or revamp your existing ones, I included a security policy template that can be tweaked to suit your business needs.

Keep in mind that you don’t want to create policies just for the sake of having policies. This practice can end up creating more problems than it solves. You need to understand where your business is at risk and then shape your policies around those risks. Once you understand where the focus is needed, you can go about building out your policy documents into something that truly enables information security in your business.

For further reading, including common oversights and mistakes, check out my security policy articles, podcasts and webcasts.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. You can reach Kevin through his website at www.principlelogic.com and follow him on Twitter at @kevinbeaver.
