Get started Bring yourself up to speed with our introductory content.

IT security policy management: Effective polices to mitigate threats

In this mini guide, you will gain a better understanding of IT security policy management and learn how to create an effective IT security policy, how to ensure security polices are managed appropriately, best practices for policy implementation and how to properly manage change in IT security policies.

Effective IT security policies are the backbone to any enterprise security program, as they provide a framework...

and support mechanism for managing technologies, maintaining order and achieving organizational goals. They also help minimize threats, prevent security breaches and can assist employees in effectively managing risks.

In this mini guide, you will gain a better understanding of IT security policy management. Learn how to create an effective IT security policy, how to ensure security polices are managed appropriately, best practices for policy implementation and how to properly manage change in IT security policies.

How should a company's security program define roles and responsibilities?
(see link below)
Security is practiced in different silos, which often prevents standardization or a real understanding of what a company's risk level is. In many organizations, it's not uncommon for physical, legal and information security departments to step on each other's toes, making the role of a CISO or CSO all the more vital to manage security policy strategically across an entire enterprise.

In this expert outline, security management pro Shon Harris offers a blueprint on how a CSO can bring these teams together and implement stronger IT security policies and programs.

Planning considerations for an effective IT security policy
(see link below)
Although volumes have been written about securing information resources, many companies don't have effective data security. The way to achieve effective data security is to have an effective security policy, and more specifically, an effective security policy that's tailored for your organization's particular data protection challenges.

In this tip, Eugene Schultz lists the most important questions to ask while you're developing your IT security policy in order to ensure it is effective.

Setting up an IT security policy
(see link below)
A security policy extends to more than just the technical infrastructure; every organization's last line of defense in protecting its information from unauthorized access is its employees. Therefore, many believe organizational policy should dictate the need to educate employees about how to protect the organization's information assets. With the threat to information security ever increasing, corporations are always reminded that a good IT security policy should be one that employees fully understand and are able to become familiar with.

This tip covers major points that should be included when setting up an IT security policy, foremost of which should be employee awareness.

Implementing a group IT security policy
(see link below)

Implementing a group IT security policy can reduce the time a company's technical support staff spends resolving security-related issues and help an organization thwart common threats, attacks and embarrassing data security breaches.

In this tip, learn what a group IT security policy should include and how to achieve successful implementation.

Managing change in IT security policies
(see link below)
Unfortunately, when it comes to IT security policies, change is inevitable. No matter how well you design your IT security policy, the time will come when it no longer successfully balances the business requirements of your organization with the security measures necessary to protect your infrastructure and data against the evolving threat landscape. It's critical that you have a well-designed process in place to handle change effectively.

In this tip, security expert Mike Chapple will highlight a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He will also provide several questions that should help security pros successfully develop their own change control policy.

IT security policy management: Manual vs. automated tools

(see link below)
Part of managing risk requires periodically evaluating your IT security policies and your enforcement program, and updating the guidelines and technology that ensure your employees and systems adherence to them. Whether you manage your IT security policies manually or use automated tools, it is imperative to get your policies and systems in sync.

In this tip you will learn more about IT security policy management and what steps to take to ensure policies are established and managed consistently, so you can steer swiftly through threats of security breaches, regulatory glitches and failed audits.


This was last published in March 2010

Dig Deeper on Information security policies, procedures and guidelines



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...