Process—Strategy

Initially, you should determine whether your company has any existing information security policies and then evaluate whether your organization is complying with them. Security policies are living documents; you must review them periodically and update them to reflect changes in your enterprise and in the information security field. Often, in the absence of active enforcement, policies tend to gather dust, and due to poor communication, employees might be unaware of them. It's also likely that the policies have become outdated due to neglect.

Clarity of communication is paramount. Technical personnel might not be able to write policies that are understandable to the average employee. You might find that your policies are current ...
