Nov 15, 2012
Strategy: Writing and Enforcing an Effective Employee Security Policy
Security policies are designed to communicate all the ways in which a company protects its assets. Companies require that employees read and sign off on these policies, but they are all too often misunderstood or just ignored.
Why do companies continue to struggle with something that has been around for so long? Experts agree that policies are often confusing to the very people who are required to adhere to their tenets. Companies also often use standard compliance regulations as their security policies, leaving big holes where issues specific to their own businesses are not covered. It is also common, say experts, for a company to write a security policy once, then never (or rarely) touch it again. Again, this leaves gaping holes as new technologies and computing models come to the fore. Finally, even if a security policy has been well-developed, companies have not proved to be very good at communication or enforcement.
In this Dark Reading report, we will look at all of these challenges and more, and provide some recommendations for overcoming them. (S6141112)