Firms need structured security policies, says Gartner

Plus 'obvious consequences for non-compliance by staff'

Leo King (Computerworld UK)
19 September, 2007 08:53
Comments

It is essential for any business to have a structured security policy with clear language to address all levels of employees, a Gartner analyst has warned.

Speaking at Gartner's IT Security Summit in London, Les Stevens said it was crucial for businesses to start recognizing the key factors influencing the success or failure of policy management.

Many businesses failed to learn from actions that hurt the development of successful policies, he said. These included a low focus on business requirements, risk and implementation, alongside too much focus on pleasing managers and on fitting in with audit requirements -- all to the detriment of building policies specific to the business.

Another problem identified by Stevens was the lack of management support and weak communication culture in some organizations.

"What you need is clear and concise content, a clear definition of roles and responsibilities, a defined purpose, and obvious consequences for noncompliance by staff. It also needs to be in the language of the audience," he said.

"The implementation must fit within the culture of the organization, and be regularly reviewed and maintained. There have to be audits of how well the company is sticking to these policies."

It was essential to have both a hierarchy of policies and of responsibilities in implementing them, said Stevens. To implement policies, he said a top-down charter was needed, together with generic policies and more specific plans for departments, alongside non-enforced standard procedures and guidelines.

The chief information security officer and the chief executive should have responsibility for security policy development, Stevens said, while the information security committee should be in charge of the approval and implementation of that policy.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Gartner

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

2-Layer BPM: Oracle's Unique Strategy Towards Exceptional Agility and Business Process Efficiencies

Today, a new approach to BPM — the use of BPM and SOA together in a layering strategy — offers built-in smartness and high configurability. This dynamic approach to business process management is based on context and content. It offers agility throughout an organization, and it can dramatically increase productivity and time-to-market.

Featured Download

DriverScanner 2010

DriverScanner scans your computer and provides you with a list of drivers that need to be updated. All you have to do, then, is simply ...

Zones

Most Popular Whitepapers

Three simple steps to better patch security

It’s estimated that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting. Yet patching is a persistent challenge for IT managers. With the glut of patches released each year, how do you know which ones are truly critical security patches and which ones aren’t? And how can you identify which computers are actually missing the patches they need? This paper details a simple approach to patching that gives you better visibility into and control over patch assessment and compliance.

Popular tags: Business Management, Security, Storage, Data Centre, Master Data Management

Latest Jobs

Market Place

Firms need structured security policies, says Gartner

Comments

Post new comment

Start-up spotlight: Smart Sparrow targets next-generation learning

iPhone 5 rumour rollup for the week ending February 10

Which tablet should I buy? iPad 2 vs Sony Tablet S

Customer service still dogs Telstra

Start-up spotlight: Smart Sparrow targets next-generation learning

Four crazy tech ideas from Google's Solve for X project

SA minister urges change to Facebook ban

Microsoft at a loss over Event Viewer scam

Exetel's John Linton passes away

TPG faces customer backlash over slowed net speeds

NBN Co wholesale pricing too high: Telstra

2-Layer BPM: Oracle's Unique Strategy Towards Exceptional Agility and Business Process Efficiencies

Using Application Control to Reduce Risk with Endpoint Security

New Mobility Requires a New Network Strategy

How progressive companies are using social technologies

DriverScanner 2010

Application Lifecycle Management

HP Converged Storage Zone

EMC Next Generation Backup – Backup & Recovery Solutions

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Three simple steps to better patch security

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Enabling Agile and Intelligent Businesses

Managed Services Strategy Guide

Disaster Recovery Strategy Guide

Computerworld newsletter

Don't have an account?

Firms need structured security policies, says Gartner

Comments

Post new comment

Computerworld newsletter