Security Policy Management
Security policy is the logical embodiment of the enterprise business requirements for security and control. It can therefore be seen as something that, once determined, is a key driver of the operational security management programme as a whole. This chapter looks at various aspects of security policy and how it is managed.
In this chapter you will learn about:
- Security policy as the logical model of your business requirements for security and risk mitigation;
- How to use security policy as a means to develop a strong security culture by affecting human attitudes and behaviour;
- How to use risk assessment as the means to select the appropriate level of security policy;
- The trade-off between complexity and ...