THE ENFORCEMENT OF IT SECURITY POLICY begins when the hard work of creating the policy and providing initial security awareness is done. All the effort put into creating the policy is of little value if it's not used. A compliance program is essential to ensure that policies deliver intended value. Compliance reviews and vulnerability assessments are two important components of a compliance program.

A compliance review determines if policies are being followed. The vulnerability assessment is used to measure the effectiveness of the policies. If everyone follows the policies then the number of vulnerabilities declines. If the number of vulnerabilities does not decline, the fault lies with either individuals ...