
5 tips on policies

The following are 5 tips on working with policies in a corporation. They are simple and to the point.

Enforce the policies

Enforce the policies through incentives. Make sure that you use the policies, or they may be useless when you try to enforce them 5 years down the line.

Follow up policies with technology

Use technology to control and enforce the policies. Never develop policies to adapt to the technology - it must be the other way around. If in doubt, hire a specialist.

Review and audit regularly

Technology, markets, regulations and people change all the time. Policies need to be audited and adapted as you go - regularly. Make sure employees are allowed to suggest changes. If errors are discovered, act swiftly to update the policy.

Corporate governance is key

Corporate governance is not just a new buzzword. It is simply a new name for an age-old best practice.

1. Set targets / visions

2. Draw the path through strategies and tactics.

3. Compare the outcome with targets/vision.

4. Start over

The purpose is simply to put forward a set of methods to ensure quality, traceability and documentation. You can do it on a large scale or a small scale - the principles stay the same.

Remove the bad apples

Bad apples must be handled correctly. Get rid of them by using their strengths and turning them into valuable gems.

Or, throw them out of the basket.

------------------------------

This is part two of the article Bad advice for good security, as it appeared on Risksopportunities 2007.

Part one is available here.

Clueless consultants - How can you avoid them?

Richard Bejtlich made a point about clueless consultants today. You know, the type that spends half the time Googling for solutions and answers. The type that believes they can solve all of your problems.

I believe that several reasons for clueless consultants exist.



The blogger is Kai Roer, a European Information security professional.
