Chapter 20. Revisiting Policies
In This Chapter
Emphasizing the importance of people
Finding broken processes
Interviewing to identify data
Finding bad policies
Correcting broken processes
Although the IT department would like to believe that the business revolves around technology, the truth is that people and processes are critical to running a business. IT is the enabler.
Unfortunately, the policies and procedures that employees use on a daily basis now must also evolve to match the changes in the world around us. That change is based on a simple premise: All data has a value to someone. Regrettably, that can be someone inside the company who abuses a position of trust and data access — or it can be an external hacker or cyber-criminal. Either way, if they get hold of your data, it doesn't look good for the business. All interactions with sensitive or confidential data now must be examined — and the policies and processes changed accordingly — with one goal in mind: Protect the data.
People are the greatest asset to any company. However, when it comes to security and data loss, they're also the weakest link.
The People Factor
Where would a company be without its people? It wouldn't exist. So when a necessary change comes over the horizon, all the people affected by it should be involved in responding to it — not just the managers.
Companies typically have dozens of policies for their employees, covering everything from acceptable dress codes to Internet usage. They also cover behaviors ...
Get Data Leaks For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
