Monitoring, Controls, and Remedies
The most controversial section of any information security policy outlines the type of monitoring, controls, and remedies for violations. The controversy arises from some of the monitoring and control policies that can be used in enforcing information security. Although legal, privacy advocates see some of these methods as a violation of an individual’s privacy rights. In my work with many organizations, I suggest that they be careful and create a policy that implements rather than one that suggests mistrust.
A problem with this is that statistics show that most security violations come from within the organization, even though the mainstream press focuses on external events. Because of the publicity, many ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.