tISS: Security Policy Development
Getting security policies right can be a difficult and lengthy process, with major costs attached if they prove to be ineffective or inadequate - look no further than Data Protection breach fines for evidence that security policy failure can prove expensive.
What are the most effective approaches for policy development - where should you start? What do you want the policies to do, and for whom? Is 'do the minimum allowable' the right approach? Should there be one overarching policy, or will an approach of function-responsible policies be more successful?
Finally, policy templates may be readily available via a quick web search, but they can lead to policy failure - if the policy does not have a good 'cultural fit' with the organisation, implementation and adoption can flounder. But is there a way that policies can be effectively shared, to avoid the need to re-invent the wheel?
Who should attend
The final agenda will be developed through consultation amongst delegates; provisional discussion areas are:
- Defining what a policy should look like
- What is the difference between a 'policy' and a 'procedure' or 'work in progress' or 'guideline'?
- How to effectively create policies
- Policies and multiple compliances
- Use of Frameworks
- How detailed should you be?
- Auditor validation of policies
- Defining the style or approach that best suits your organisation, will carry weight and will lead to the right type of activity and behaviour
- Cultural fit
- Use of language and effective communication style
- Measurability, and ensuring ROI is delivered
"The Corporate IT Forum is a fantastic level check, free of vendor sell and consultancy hype. I like the open sharing of experience…"
"We get valuable knowledge and experience from members of The Corporate IT Forum. This helps us to make better and informed decisions to reach our business goals…"
"The knowledge from other people on what they are doing/have done is invaluable to my team"
"The workshop validated the marketplace for supplier apps; participants were of a uniformly high standard; personally, I value highly the ethos of the Forum in the fact that it is supplier independent"