Review and Assess Regularly
Security managers must ensure that the organizational
security policy is reviewed regularly (semiannual is our
recommended review frequency) to see if it is successfully supporting
security needs. Adapt the plan to meet any changed conditions and distribute
change notices to the constituency as needed. Ensure that training plans are
updated with the changed material and that managers brief their personnel on all
security changes.
It is equally important to assess the adequacy of measures
implemented by the policies. Ensure that the measures taken not only solve the
problem but also help prevent it from recurring. Have security and IT staff
independently evaluate the effectiveness of the security policies whenever
possible. Sometimes, it is even a good idea to bring in third-party
organizations to perform independent assessments of your processes and
procedures. If you make changes, be sure to go back and update the policy book
accordingly.