Oct 27 2009

Clear Policies and Effective Controls

Category: Policies & Controls | DISC @ 2:19 pm

Writing Information Security Policies

A policy defines the law of an organization: what is an acceptable and less risky way of doing business. Having a law in place is one thing (a good start for an organization), but how you enforce or change policies over time is key to successful policy implementation.

To control your environment, context is everything: what you want to allow, as well as the actions you will take to safeguard your environment and enforce suitable policies. The policies will determine who can access your infrastructure, under what circumstances and conditions, and especially what actions need to be taken when users or devices are in non-compliance.

Over time you need to reassess policies to determine what new policies need to be added and which ones need to be edited or discarded based on current business needs. Policy control should be transparent to the user, and a balance needs to be maintained between usability and security. Maintaining this balance makes policy more of an art than a science. If a security control costs more than the benefit attained from the business activity, we might need to readdress how much control over the environment is acceptable for current business needs and does not thwart business activity.

Regularly reassess policies, educate users and enforce current policies to help limit your organization's liability. Make sure your practice matches your policies; otherwise you may be creating a liability that you believe you have protected yourself against.

You have to try out your new policies to see how well they work in your environment. In this regard, you might want to issue a policy position statement to receive open feedback from the user community before adding it to your company policy. By reassessing policies on a regular basis, and issuing a policy statement before enforcing a policy, you can achieve better control over your environment by understanding your users' requirements and business needs. The Deming PDCA (Plan-Do-Check-Act) model applies to the process of building policy: you build this process to perfection over time.

Tags: clear policies, effective controls, information security policy, infrastructure control, PDCA, pdca model, position statement, security control

4 Responses to “Clear Policies and Effective Controls”

  1. miami web design says:

    Actually, when policies suit the organization, then it grows automatically.

    It is not necessary that they have to be revised every time.

  2. Swing Sets says:

    Every organization, big or small, must have some policy with which they will work out. These policies will have a great impact on the course of the organization. These policies may be changed with the passage of time.

  3. Hawaii Condominium Rentals says:

    Policy making is a vital task for the organisation. The success of an organization will greatly depend on effective policy making. And implementing those policies and keeping control is also a very difficult task.

  4. Hawaii Condominium Rentals says:

    So many organizations have failed due to defective policy. Policy making is crucial for an organization. Controlling is also an important task.
