No doubt about it, security isn't easy. You need a solid security policy to provide guidance. However, there's no quick fix for common threats. Whether you're starting from scratch or updating a policy, define your objectives up front. Set up a steering commit-tee to create your policy. The team should include people from various levels of the organization, from business executives to technicians, and should be led by someone with security-policy expertise. Assign a second team to handle policy development and review. This team should represent a cross section of employees, including staff, management and at least one member who can articulate the impact of security issues on business applications and operations. The team should address policy conflicts and provide each department with a contact to assist co-workers in interpreting guidelines.
展开▼