CHAPTER 9

Integrating Your Security Plan across the Enterprise

Every organization needs a written security policy. Every organization has a stance on information assurance, but if it’s not recorded and formalized, it might as well not exist. The organization will eventually encounter situations that require taking action about a security matter. If no written policy exists, many actions they would wish to take become legally impossible. As a simple example, consider the case of an employee who wastes work time surfing the Internet for sports scores. This is not illegal (illegal actions have clear legal penalties, giving built-in consequences and procedures for the organization to pursue), but most firms would frown on this waste of company time ...

Get Information Technology Security Fundamentals now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.