Developing information security policies seems like it should be an easy task. Unfortunately, it usually ends up being one of the most challenging aspects of implementing a new security control. In this talk, we’ll discuss a methodology for creating more effective policies.
One of the most dreaded tasks in information security is developing policies. While we all know that policies are needed to make technical and physical security controls effective, many policies end up being poorly written, misunderstood, and often ignored by the workforce. In this session, we will review best practices and simple approaches that can be used to create and implement more effective policies.
* Review the foundational steps and principles required to create effective policies.
* Understand how to align policies with the organization’s internal and external environment and requirements.
* Discuss a process for developing and implementing policies to ensure that they are understood and adopted by the organization.