CHAPTER

7

How to Design, Organize, Implement, and Maintain IT Security Policies

WHAT BINDS WELL-FORMED IT SECURITY POLICIES together is a sense of shared beliefs, purpose, and urgency. Within your organization, you will achieve that, in part, by establishing principles that create a shared vision, by empowering others to act, and by institutionalizing support processes. It’s important that the implementation of IT security policies become second nature to the organization. That is, business processes should be designed with the controls needed to implement and maintain security policies built in.

For example, consider the issue of emergency access to a server in the middle of the night. Gaining access may require going through a firecall ...

Get Security Policies and Implementation Issues, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.