4.3 Law and Enforceable Security Policies

Up to this point, we have been covering legal and ethical organizational systems that people implement and enact, typically in relation to laws, regulations, and policies. However, security policies can also be written, or codified, as rules in computer software. We will consider computer-based security policies later; in this last section of the chapter, we discuss some key considerations for creating enforceable written policies. In short, written policies address various threats with generalized rules and with sanctions for violating those rules.

A threat is defined as the anticipation of a psychological (e.g., assault), physical (e.g., battery), or sociological ...
