Security Policies and Implementation Issues, 3rd Edition by Robert Johnson, Chuck Easttom

It’s important to note that change is inevitable. The implementation of security policies is just one of a vast array of changes employees must absorb. Understanding this is important when creating security policy roles, responsibilities, and accountability. The closer you can align employees’ current roles with their current job responsibilities, the easier it will be to implement. For example, assume a security policy requires a certified security trainer for a specific team. Now assume that team already has a trainer for a nonsecurity purpose such as office safety. Combining these roles and responsibilities could create the opportunity to combine training requirements and make it easier ...