Top 5 Tips to Keep in Mind When Implementing a New Security Policy
Any time you implement a new security policy in an environment, you’re implementing change.
Change can have positive effects, but there are often very specific considerations when producing a new security policy that can make the difference between a policy that meets business needs and one that doesn’t.
Top 5 Tips for Implementing a New Security Policy
Tip #1: Publish Your Security Policy
Many times people spend most of their policy development efforts on building the security policies, but forget to make them available so others know what these policies are. It’s even worse when you punish someone for not following a policy that isn’t readily available.
I was recently on a vacation where the resort implemented a policy to claim items left on a lounge chair to prevent people from reserving the best chairs while not there.
Good idea for the late sleepers, but the resort just took people’s stuff and then left a note that said they were claiming your things according to published policy.
Great, but the policy wasn’t published anywhere. For us early risers that work on the lounge chairs in the morning, we watched person after person get infuriated as they found their notes.
Tip #2: Ensure Security Policy Instruction is Clear
The verbiage in a security policy needs to be clear, and in language the audience can understand.
Don’t use acronyms that people won’t understand, or terms that are undefined unless you take the time to define them in your policies. For example, don’t include any security-specific nomenclature unless it’s defined within the policy itself.
Tip #3: Understand Outlier Situations
There are always wacky people in your organization that will work outside the normal working conditions. This could be normal for them, but it may break policy.
The funny thing is that these people are often abnormal in a good way. They could be the top producers, the most creative, or the most important parts of your organization. Make sure that your security policies consider these people and other situations in their application.
Tip #4: Understand Security Policy Liability
Make sure you think through the liability in your security policies.
For example, if you set a policy to inspect every bag that comes into your building, that’s fine. But think about what impact this policy might have on your team.
Tip #5: Match the “Why” with Application
There should be a very clear reason why you have a specific security policy. Once implemented, you need to measure whether the application of your security policy ultimately addresses the why. It’s a simple exercise, but a very powerful one that’s often forgotten.
If you have any questions or need help with your Security Policy, connect with us!