In the media
May 10, 2010
With the right underlying plan, your implementation will also be effective
Many organizations define clear mandatory guidelines to ensure the security and availability of their IT networks. But if these security guidelines are also to be enforced successfully, certain key points must be observed even during their development.
Just having an IT security policy does not automatically make a network secure or guarantee its availability. As the saying goes, «the proof of the pudding is in the eating» - in other words, even if a lot of money and effort is invested in drafting security guidelines, they will only be effective and prove their true value when they are implemented globally and lived out by the organization.
Four factors for success
A closer analysis of successful implementation and enforcement reveals four factors for success:
- The members of top management are involved in the process of formulating and implementing the security policy; responsibilities are clearly defined and relevant competencies assigned.
- Allowances are made for the weakest link in the chain, that is, the guidelines are drafted in such a way that they take into account the particular characteristics and weak points of certain locations or operational entities, most of which are known.
- The guidelines are flexible and offer sufficient leeway to allow a quick and efficient response to new demands arising from business developments - for example, the integration of new units in mergers and acquisitions.
- A system is in place to ensure the constant monitoring and ongoing evolution of the guidelines; their implementation is tracked around the clock and systematically evaluated as to their effectiveness.
