Chapter 13. The Policy Review Process
YOUR ORGANIZATION’S POLICIES ARE NOW IN EFFECT. Users are being trained, incidents are occurring, and everyone is aware of the information security requirements. But we know that the security policy is only as good as the ability to enforce its provisions. Even in the best of worlds, you will discover that these documents will have policies that hinder the business process and some that do not go far enough.
Security policy documents should be living documents. They should change and evolve as your organization grows and technology changes. To keep up, these policies must undergo periodic review; and ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
