Security Policy and Compliance

Nowadays, all organizations and companies need to have a IT Security Policy. It won't be useful as a declaration of intentions and empty phrases. Instead, it can best be understood as an instrument to learn about current practices and to identify weak spots. It needs to be revised frequently and brought to the awareness of staff members.

The process of formulating a Security Policy for your organization or company will by itself be instructive, but compliance can not be achieved without training the staff. Also, if the superiors don't take the security procedures and prohibitions serious, the regular staff can't be expected to.

A minimal security policy should identify critical resources and data and describe the means used to protect them. It should include regulations how to handle security violations and attacks and plans how to restore resources in case of failure.