Administrators,
more technically savvy than their managers, have started to secure the networks in a way
they see as appropriate. When management catches up to the notion that security is
important, system administrators have already altered the goals and business practices.
Although they may be grateful to these people for keeping the network secure, their
efforts do not account for all assets and business requirements.
Finally, someone
decides it is time to write a security policy. Management is told of the necessity of the
policy document, and they support its development. A manager or administrator is assigned
to the task and told to come up with something, and fast!
Once security
policies are written, they must be treated as living documents. As technology and business
requirements change, the policy must be updated to reflect the new environment--at least
one review per year. Additionally, policies must include provisions for security awareness
and enforcement while not impeding corporate goals.
This book serves
as a guide to writing and maintaining these all-important security policies.
240 pages