Summary
Security policies
Are distinct from guidelines and standards.
Are distinct from procedures and control.
Describe security in general terms; they do not describe how to implement.
Policies are important to
Assure proper implementation of control.
Guide product selection and development process.
Demonstrate management support.
Avoid Liability.
Achieve consistent and complete security, avoiding fragmented efforts.
Policies should be developed
Before security problems occur.
To avoid liability.
After a security breach.
To document compliance and demonstrate quality control processes (for example, ISO 9001).
Policies should be developed by
Setting the scope and objectives for the policy document.
Defining what policies need to be written. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access