Describe, recognize, or select good administrative maintenance and change-control issues and tools.
Educate Users One of the biggest stumbling blocks to implementing your security policy is the users and their knowledge of security issues (or lack thereof). Many users consider security issues trivial or an unnecessary nuisance. Make sure you provide a reason for implementing each policy instead of simply requiring that users blindly follow them. Awareness training should be part of every formal security plan. It should be mandatory for new employees and repeated at regular intervals to cover new threats that emerge.
A comprehensive security policy shouldn't be limited only to ...