|
How mature is your information security policy program? Do you have a set of outdated documents stored in a binder or intranet site? Or do you have a documented management program that keeps your policies up to date, your users informed and your internal auditors sleeping at night? In this paper we review eight key characteristics of an effective policy management program. These elements are culled from leading practices, security and privacy frameworks, and incidents involving information security policies. Organizations can use this checklist to evaluate the maturity of their existing information security policies.
|
