November 2001
Intermediate to advanced
240 pages
6h 27m
English
This section is sometimes called the Policies of the Policy. It is where you set the parameters, starting with the basics of how to measure the performance of the policies. We are not talking about testing the mechanisms, but how the policies are impacted by business requirements through compliance mechanisms.
Testing compliance is a very subjective process. Most of the organizations I have worked with like to keep statistics on violations and waivers granted. The net result is to have information that can be used when reevaluating information security policies. Therefore, the policies you write in this section will cover the notification and report processes with your measurements. Also, as amplification, ...
Read now
Unlock full access