Is Having a Security Policy in Place Really Nine-Tenths of the Law?
Published 27th January 2009

Most large organizations maintain a detailed corporate security policy document that spells out the “dos and don’ts” of information security. Once the policy is in place, the feeling is of having achieved ‘nine-tenths of the law’, that is, that the organization is in effect ‘covered’.

This is a dangerous misconception: much like in the world of law and order, while the creation of law is fundamental, it is the implementation and enforcement of law that prevents chaos.

Ignorance of policy does not exempt from punishment — in this case in the form of security breaches.

Recent studies have shown that most employees, including IT staff, are often unaware of corporate security directives or even tend to ignore them. Ignorance of corporate policy, or a simple inability to implement and enforce it, can leave networks wide open to major security breaches. This is not only costly to fix, but can also ruin a company’s reputation. Allowing the security policy to become a ‘whi