Implementing a corporate Security Policy can be a complicated and potentially arduous task. Many changes will have to be made to the enterprise, some great and some small and all with different levels of security and user impact as well as cost and effort requirements. Understanding which changes to make in what order is essential for achieving the most efficient implementation. This tool will help determine that structure in the following manner:
- The company will establish its over-arching rankings for the four listed factors (security impact, user impact, effort required, cost required).
- The company will list all changes to be made as a result of the policy implementation.
- The company will indicate whether each change has a high, average, or low impact in each of the four factors.
This process will create a customized ranking of changes for each organization. Implementing according to these rankings allows the enterprise to most efficiently achieve its security goals.
This downloadable tool is associated with the research note, "You've Got a Security Policy. Now What?"