However the above principles might be altered or even divided to individual entities or become secondary levels according to the missions and operation objectives of different enterprise, but the core elements such as Access Control and Aggregation Control need to stay intact in such policy.
An effective policy consists of principles which must be defined by each organization. In order to develop an effective policy for an enterprise environment, this policy must be a user driven model in order to be implementable considering the client types and operation objectives. If a policy is not easy to understand by the end-users while conceiving their group size and computing diversity, the failure of such a policy is inevitable. In other words, development of an information security policy must avoid any form of organizational politics and bureaucracies and its focus should remain only on the following eight principles which are critical to effectiveness of such a policy.
Principles for an effective HEIN information security policy
Effective enterprise governance involves a strategic direction established by management that sets the framework for ensuring security objectives are met and risks are managed in accordance with the policy. It defines the roles and responsibilities required to provide systematic governance and effective controls for assuring policy enforcement.
At InfoTransec we can assist your company in updating your existing strategy or developing a security governance strategy aimed at managing your security risks.
Contact us today for a free consultation.