By Alan Kowlowitz, NYSTEC Information Security Consultant
If you are an information security professional, at one point you will probably be expected to write security policies and standards for your company or agency. You already know why such documentation is important: failure to produce sound policies and standards could lead to a lack of compliance or security awareness—leaving your data vulnerable to security breaches.
Many excellent guidelines, models, and resources are available, making it relatively easy for you to develop sound policies. However, it remains difficult to write policies and standards that can be readily implemented and actually improve your organization’s security posture. Continue reading