There is no right or wrong way to begin the process of developing a security policy. No single policy or security strategy will work for every organization. Contrary to what is advertised on the Internet, there is no generic template that will meet every need. A fantastic policy for Company A might be useless to Company B. A security policy must be a custom document that reflects your company’s environment, and meets its specific security needs.
In fact, a useless Security policy is worse than no policy. Companies that boast of Security Policies thicker than a ream of paper are often the ones that have no idea what those policies say. The false sense of security provided by an ineffective policy is dangerous. The point of a Security policy is not to create “shelfware” that will look good in a binder, but rather to create an actionable and realistic policy that your company can use to manage its security practices.
For more information visit www.InstantSecurityPolicy.com
