Firms need structured security policies, says Gartner

Plus 'obvious consequences for non-compliance by staff'

Leo King (Computerworld UK)
19 September, 2007 08:53
Comments

It is essential for any business to have a structured security policy with clear language to address all levels of employees, a Gartner analyst has warned.

Speaking at Gartner's IT Security Summit in London, Les Stevens said it was crucial for businesses to start recognizing the key factors influencing the success or failure of policy management.

Many businesses failed to learn from actions that hurt the development of successful policies, he said. These included a low focus on business requirements, risk and implementation, alongside too much focus on pleasing managers and on fitting in with audit requirements -- all to the detriment of building policies specific to the business.

Another problem identified by Stevens was the lack of management support and weak communication culture in some organizations.

"What you need is clear and concise content, a clear definition of roles and responsibilities, a defined purpose, and obvious consequences for noncompliance by staff. It also needs to be in the language of the audience," he said.

"The implementation must fit within the culture of the organization, and be regularly reviewed and maintained. There have to be audits of how well the company is sticking to these policies."

It was essential to have both a hierarchy of policies and of responsibilities in implementing them, said Stevens. To implement policies, he said a top-down charter was needed, together with generic policies and more specific plans for departments, alongside non-enforced standard procedures and guidelines.

The chief information security officer and the chief executive should have responsibility for security policy development, Stevens said, while the information security committee should be in charge of the approval and implementation of that policy.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Gartner

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Mobile Security: Don’t leave employees to their own devices

No organisation can afford to ignore the rising march of consumer devices in today’s workplace. But neither can they ignore the risks that consumerisation brings. Companies must adapt IT and security strategies accordingly, balancing the needs and demands of more flexible work models with the often thorough information security safeguards that were implemented to protect the business in the first place. Fortunately, there are ways of doing just that and achieving a balance that works for all concerned.

Featured Download

CDex

CDex can extract the data directly (digital) from an Audio CD, which is generally called a CD Ripper or a CDDA utility.

Zones

Most Popular Whitepapers

Process-Driven Master Data Management for Dummies

We wrote this book to introduce you to the subject of processdriven MDM. It’s a big topic, one that far outstrips the ability of a brief book to cover. However, our hope is that by reading this book you will gain a fundamental understanding of processdriven MDM, how it works, and what it takes to make it a success in your organisation.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management

Latest Jobs

FTChange Management ProfessionalsNSW
CCSAP FICO ConsultantNT
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
CCSAP PM ConsultantNSW
FTSenior Citrix EngineerNSW
FTTechnical Services Engineer - ShoreTel/MitelVIC
FTSAP Basis ConsultantNSW
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
CCSystem Engineer - Exchange - CONTRACTSWA
CCAvaya Engineer - ERS 8600 4.1NSW
FTSAP Basis ConsultantACT
FTQM Trainer and ConsultantNSW
FTProduct Manager Strategist - Enterprise ApplicationsNSW
CCOBIEE ConsultantWA
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
FTSenior Citrix EngineerNSW
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW
FTiPhone App DeveloperNSW
FTiPhone Developer DeveloperNSW
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW
CCPC Relocation Technicians - Multiple Roles availableSA

Market Place

Firms need structured security policies, says Gartner

Comments

Post new comment

Privacy Act changes finally introduced to parliament

Coalition NBN better or worse?

A comparison of Telstra's 4G phones

Bredolab botnet author sentenced to 4 years in prison in Armenia

Which tablet should I buy? iPad 2 vs Sony Tablet S

NBN ISS could pose capacity constraints

NBN service plans won't cost consumers more: Conroy

Microsoft at a loss over Event Viewer scam

Stallman: If you want freedom don't follow Linus Torvalds

Coalition NBN better or worse?

CeBIT 2012: Will NBN speed up freight delivery times?

Mobile Security: Don’t leave employees to their own devices

Managing IBM License Complexity

Printer Usage and Cost Management Strategies for the Australian Mid-market, an Unrealised Opportunity

Cost Effective Security and Compliance with Oracle Database 11g Release 2

CDex

Avaya Air Cover Zone

Application Lifecycle Management

HP Converged Storage Zone

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Process-Driven Master Data Management for Dummies

Business Intelligence Best Practices for Dashboard Design

Learning To Compete: IT’s Next Transformation

Seven Steps to Effective Data Governance

Guidance for Calculation of Efficiency (PUE) in Data Centers

Computerworld newsletter

Don't have an account?

Firms need structured security policies, says Gartner

Comments

Post new comment

Computerworld newsletter