Q

How do I help clients with end-user security policies?

End user-security policies are important for any company. Depending on the corporate culture, some policies can be elaborate, while others will be less specific. Learn in this expert answer how to help your clients develop end-user security policies that fit their business needs.

How can a VAR or consultant help clients create and implement end-user security policies?

Security policies are living, breathing documents that can profoundly impact the way a company operates. Constructed

well, they provide the absolute minimal amount of constraint that achieves the goals of the security organization while still allowing the company to remain agile.

Constructed poorly and without context of the company and its culture, policies for their own sake will ultimately yield a set of unenforceable and inexplicable rules that nobody follows because they simply get in the way.

So the first thing that should be done to help clients create and implement end-user security policies is to understand how security is perceived, instantiated and operationalized within the company. An overall assessment of the company's security strategy should be done to determine the best approach toward creating a framework of policies, procedures and guidelines.

Depending upon the company's tolerance for risk, their culture and regulatory/business requirements, an appropriate set of end-user security policies can be crafted. Aligning them to a security strategy framework means that the policies can be effectively managed across their lifecycle.

It is also very important to set the expectation that policies need to be reviewed and amended at least annually and that these policies should be a business-driven and owned activity, not just a security concern. Encouraging business owners from across the company to participate in the creation and review of these policies is essential if one expects them to be enforced effectively.

Of course, if a customer just wants a set of end-user security policies they can customize and are not interested in a business-aligned security program, there are numerous sets available for purchase or freely downloadable via the Internet.

This was first published in January 2008

Dig deeper on Identity management and access controls

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close