PRO+ Premium Content/Information Security magazine

October 2003

Implementing security policies to make them stick

It's an infosecurity fact of life: Security policies are generally ignored unless top management explicitly endorses them. But while executive backing is necessary, it's often not sufficient. Successful policy implementation requires genuine buy-in throughout the organization, from top to bottom. Unless users believe the threats are real, the response is appropriate and the consequences of noncompliance are career-limiting, they'll always ignore policy.

Let's take a look at a case in which an infosecurity failure literally cost thousands of lives, and what it finally took to make security policies stick. In 1915, the British army knew that crucial information was somehow leaking to the enemy. When they finally figured out that the Germans had developed "sniffer" technology that enabled them to eavesdrop on Allied trench telephone signals that were inadvertently carried through the ground, the British created strict policies limiting the use of electronic communications. These policies were universally ignored, resulting in ...
