There are many good reasons to document and communicate what your organization is doing and how you are maintaining control of its environment. First, everyone in your organization will know that you’re secure and that any suspicious activity is being tracked. Second, it is easier to train additional people should the need arise.
Next, it makes updating your organization’s environment much easier when clear policies and processes are in place. Finally, your superiors know you’re doing everything that needs to be done to ensure your organization is safe, secure and compliant with external regulations.
These are only a few best practices among many regulations that place controls over IT in an effort to be as secure and protected as possible. It would be easy for organizations to review compliance regulations and understand where the intention is to codify good policy and protect users and information. And while I’ve viewed this from the regulatory requirement angle, you could easily reverse it and say, “Our good security policies make it easier to comply with many external regulations.” It’s up to you to get in control and stay in control of your environment from both a policy and a regulatory standpoint. If there were an Amazon.com item for regulatory compliance, it might say, “If you like good policy, you might also enjoy a much better (and more secure) IT environment.”