Security Policies and Implementation Issues, 2nd Edition by Johnson

SUCCESSFUL IMPLEMENTATION of information security policies starts before the policies are even written. Implementation depends on how well the policy is integrated into existing business processes, and how well it is understood and embraced by leadership and employees. Implementing information security policies often results in putting in controls that slow the exchange of data. Business can see this as an unnecessary burden. Successful implementation of policies, therefore, must be viewed as a journey from conception to implementation. You must start with engagement, with creating awareness within the organization, and by building consensus on the need to implement the policy. ...