target audience: TECH BUYER Publication date: Apr 2024 - Document type: IDC Perspective - Doc Document number: # US51827724
Best Practices for Planning, Developing, and Managing Enterprise Security Policies
Content
List of Figures
Get More
When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.
Related Links
Abstract
This IDC Perspective walks businesses through the steps necessary for establishing a successful security policy strategy. Security policies should provide the foundation for meaningful action in mitigating cybersecurity and compliance challenges of all types based on the level of risk that an organization deems tolerable. In addition, by detecting mismatches between their policies and actual practices, businesses can identify potentially serious risks that require correction.
However, security policies fail to support these goals when they suffer from problems like lack of actionability, failure to address risks comprehensively, and lack of awareness of policies across the organization.
To mitigate these challenges and create policies that drive meaningful action, enterprises require a coherent strategy that addresses all stages of the policy life cycle, from initial policy development and review to policy dissemination and ongoing updates.
"For effective security policy development, promulgation, and maintenance, having a systematic process in place is key," says Chris Tozzi, adjunct research advisor for IDC's IT Executive Programs (IEP). "And so is identifying the various stakeholders in security policy management and ensuring that you plug them into your processes."