This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Download it now to read this article plus other related content.
Whether you manage policies manually or use automated tools, it is imperative to get your policies and systems in sync.
More information from our sister site SearchSecurity.com
Attend our live webcast on June 22 at noon ET and learn smart strategies for evaluating policy management tools.
Learn how security policy tools can help – and hinder – SOX compliance efforts.
In a way, your information security operation is like a crew boat. It operates most efficiently and effectively when everything is in harmony. To make sure the metaphorical oars all hit the water at the exact same time, you need to establish some rules. Forget about a coxswain; sound policies and strong management systems steer your crew.
Part of managing risk requires periodically evaluating your policies and your enforcement program, and updating the guidelines and technology that ensure employee and system adherence to them. Similarly, vendors now offer products that can convert policies into specific configuration criteria and commands.
Policy management isn't just a matter of good practice--today's regulatory requirements make it an imperative. You can create and manage policy manually, or you can turn to automated tools that implement controls enabling them to adhere to various regulations. Either way, by taking steps to ensure policies are established and managed consistently, you can steer swiftly through threats of security breaches, regulatory glitches and failed audits.
This was first published in June 2006