CHAPTER

7

How to Design, Organize, Implement, and Maintain IT Security Policies

WHAT BINDS WELL-FORMED IT SECURITY POLICIES together is a sense of shared beliefs, purpose, and urgency. Within your organization, you will achieve that, in part, by establishing principles that create a shared vision, by empowering others to act, and by institutionalizing support processes. It’s important that the implementation of IT security policies become second nature to the organization. That is, business processes should be designed with the controls needed to implement and maintain security policies built in.

For example, consider the issue of emergency access to a server in the middle of the night. Gaining access may require going through a firecall ...

Get Security Policies and Implementation Issues, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.