Chapter 14. IT Security Policy Enforcement

THE ENFORCEMENT OF IT SECURITY POLICY begins when the hard work of creating the policy and providing initial security awareness is done. All the effort put into creating the policy is of little value if the policy is not used. A compliance program is essential to ensure that policies deliver their intended value. Compliance reviews and vulnerability assessments are two important components of a compliance program.

A compliance review determines whether policies are being followed. A vulnerability assessment measures the effectiveness of the policies. If everyone follows the policies, then the number of vulnerabilities declines. If the number of vulnerabilities does not decline, the fault lies with either individuals ...
