How Policies Should Be Developed
Before policy documents can be written, the overall goal of the policies must be determined. Is the goal to protect the company and its interactions with its customers? Or will you protect the flow of data for the system? In any case, the first step is to determine what is being protected and why it is being protected.
Policies can be written to affect hardware, software, access, people, connections, network, telecommunications, enforcement, and so on. Before you begin the writing process, determine what systems and processes are important to your company’s mis-sion. This will help you determine what and how many policies are necessary to complete your mission. After all, the goal here is to ensure that you ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
