Thursday, October 30, 2008

Three Basics of Successful Security Policies

1. Unambiguous Rules – Put the policy in writing. Send out reminders. Make compliance easy.
Examples:
Block off-limit web sites.
Place shredders where they are needed.
Configure Wi-Fi systems to automatically force compliance.

2. Consequences – Educate employees about the consequences of poor security practice. Explain how it affects the company's stability, and consequently, their jobs. Establish consequences for not following the policy.

3. Unobtrusiveness – Do not establish a security policy which either hinders productivity, or is ultimately unenforceable. Find a better way to achieve the security goal. Work with employees and they will work with you. ~Kevin