Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Can security policies be implemented without procedures and guidelines ?

user-image
Question added by ABDELMAJED AHMED SAEED , Cyber Security GRC Manager , Medgulf
Date Posted: 2016/05/28
Sven Wetter
by Sven Wetter , Chief information security consultant , CertISO Sweden

Hello Abdelmaied

My point of view is that a policy sets the guidelines for its purpose, it needs structure to have its purpose translated to real life. The structure would consist of:

- Procedures

- Understanding of threats, vulnerabilities and impact

- Control and reporting systems

- Continuous vigilance and training

- Desk top or real life threat exercises

More Questions Like This