Security Policy Development
Following an organization’s Risk Assessment, developing and then implementing a well-written security policy is essential for personnel to safeguard information assets appropriately.
To achieve its security objectives, a successful security policy must document the security-related details of day-to-day operations. An effective security policy should include:
- Best Practices
- Management Responsibilities
- Policy Management Hierarchy
Organizations also must update their Security Policies, as technologies and business practices change and evolve. In 2009, writing a new policy on employee use of Social Networking tools is a good example.