6 myths about security policies

Friday, 4 October 2002, 10:39 AM EST

As a technical director in my company's corporate infosec department, I assumed I knew all I had to know about writing information security policies. After spending a lot of time in the past year as part of a team assigned to update and enhance our organization's policies, I can say without qualification that most of my assumptions were wrong.

My company (I can't tell you the name, because that would be against our information security policy) delivers services to the financial sector. Our original infosec policy was written back in the days of the dinosaurs--1995. It was a simpler time. We connected to our business partners over leased lines and knew who was on the other end. Our systems were isolated, aside from a dial-up here and there. The Internet was a fad--why would we ever connect our mission-critical networks to it?

Fast-forward to 2001. Our business partners now used value-added networks and the Internet to send us important stuff. E-mail had become as important as the telephone, and we were doing business on the Web. Our world had become more complex. Our policies were seriously in need of an update.

In the course of working on the new policies, I learned the truth about my assumptions, which I now call the "Six Myths of Infosecurity Policies."

[ Read more ]




Spotlight

What IT skills are in demand?

IT security tops the list of skills that teams need most, and one out of five reported having difficulty finding skilled talent for cloud initiatives. Companies are also looking for pros who have skills in network engineering, systems engineering, IT architecture and network operations.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Apr 17th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //