Tuesday, October 20, 2009

The Security Policy Problem

The process of getting a security policy is difficult, time-consuming, and expensive. You typically have two choices:

  1. Hire a security professional to write a custom policy for your organization.
  2. Try to write your own using resources found on the Internet or purchased guides.

Number one is an expensive proposition – it can cost tens of thousands of dollars, depending on the complexity and number of policies, and take a great deal of time. Number two is impractical – it would take weeks, if not months, of painstaking work to cobble together a policy that will likely not be appropriate for your company. These two reasons deter most security policy projects before they start.

The process of getting a security policy is confusing. As an example, leading security policy experts recommend that a policy have the following components: standards, guidelines, position statements, guiding principles, rules, procedures, and lastly, policies. This jumble of “consultant-speak” is confusing at best, and does not result in a useful management tool.

To be effective, a security policy must be clear and consistent. Just as important, a security policy should fit into your existing business structure and not mandate a complete, ground-up change to how your business operates.

For more information visit www.InstantSecurityPolicy.com