Summary
To ensure the systems and networks are protected, compliance and enforcement policies define what could happen when policy is broken. Compliance and enforcement policies tend to fall outside the technical arena in which most security professionals work. These policies require knowledge of various corporate policies as well as compliance to various laws, including intellectual property, labor, and possibly criminal law.
Testing and effectiveness of the policies:
Compliance is a very subjective process. Policies in this section will cover the notification and report processes with your measurements.
Management should encourage security-awareness training so that everyone in the organization understands the policies and their impact. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access