Tuesday, October 15, 2013

Thoughts on the Seven Deadly Sins of Security Policy / Developing Security Policies

The article I looked over, The Seven Deadly Sins of Security Policy, stresses the importance of not making policies that fail to manage an organization's risks. Joan Goodchild, the author of the article, shares seven points that she believes should never be part of creating a security policy. Personally I would agree with Joan; I believe any company that commits any of Joan's seven sins is going to have trouble.

Failing to do a risk assessment before a policy is even made will result in a company creating policies that may have absolutely nothing to do with the things that could actually complicate that company's path towards completing its goals.

The one-size-fits-all process could definitely lead to problems for a company. If a new company adopts a policy that one of its competitors has, the policy may have no legitimate use for that company, and the new company will accomplish nothing.

Not having a standards template is also bad. Companies should keep their policies consistent within their organization.

Having policies that only look good on paper is certainly going to lead to bad policies. If policies have no realistic chance of being accomplished, they shouldn't be written down.

If management doesn't believe a policy will work, and does not buy into it, then it may as well not even be there, because management won't make employees adhere to those policies.

Writing a policy after a system has already been deployed will only lead to a game of catch-up. If security policies aren't instilled in the earliest phases of a company, then systems won't work effectively in their environments. "When security is an add-on, it can't help but be incomplete, insufficient, and, in many ways, inadequate for the task," says Cresson Wood, who was interviewed by Joan.

And finally, a lack of follow-up, which I believe is one of the most important sins, is something that can make or break a company. Companies that have the drive to follow through on their policies will thrive.

Companies should never overlook security policies. Those that do are only dooming themselves and their business to failure.

Blog by Hans Harvey

Blog Post 6

Author: Joan Goodchild
Title: The Seven Deadly Sins of Security Policy
Address: http://www.csoonline.com/article/504314/the-seven-deadly-sins-of-security-policy
