Information Risk & Security Policies

All documents are in PDF 1.4 format, compatible with Adobe Reader 5.0 and higher

Instant Compliance for a Grand

A light-hearted appraisal of the often deficient quality of ‘off the shelf’ security policies.

What Makes a Good Policy?

A framework is needed to coordinate corporate security policy development – a generic tree structure can be one of the most effective.

Preventing Policy breaches

Security policies will never be effective while they fail to mesh with business processes. The two must be closely integrated so that policy objectives cease to be viewed as externalities.

Depends What You Mean by Policies

Security policies should specify what you are trying to achieve, not blow by blow how – that's what procedures are for. But policies must explain why and define KPIs as well.

It's Probably in the Filing Cabinet

When did you last review your security policies in terms of whether they actually work?

All content (excluding quotations) and presentation © 2001-2024 Michael Barwise or © 2007-2024 Sapientior Ltd
Integrated InfoSec is a service and trade mark of Sapientior Ltd Registered in England & Wales, Company Number 6214497