Security policies and standards

Enterprise policies and standards are meant to be the written law on how to implement, use, and monitor a technology, process, and other HR and legal scope items. For the purposes of the book, we will focus on IT policies and standards. These "laws" also serve as a warning to consequences if there is a violation of the policy. For instance, an employee cell phone policy may be created in response to the business request to use personal phones for business. However, with the ability to use a personal cell phone, there may be restrictions on using the "smart" features to access enterprise data, or a requirement to load a mobile device management application on the cell phone. The standard in this scenario may be a ...

Get Enterprise Security: A Data-Centric Approach to Securing the Enterprise now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.