Implementing a corporate Security Policy can be a complicated and potentially arduous task. Many changes will have to be made to the enterprise, some great, some small, and all with different levels of security and user impact as well as cost and effort requirements. Understanding which changes to make in what order is essential for achieving the most efficient implementation. This tool will help determine that structure in the following manner:
- The company will establish its over-arching rankings for the four listed factors (security impact, user impact, effort required, cost required).
- The company will list all changes to be made as a result of the policy implementation.
- The company will indicate whether, in its opinion each change has a high, average, or low impact in each of the four factors.
This process will create a customized ranking of changes for each organization. Implementing according to these rankings allows the enterprise to most efficiently achieve its security goals.
This downloadable tool is associated with the research note, "Four Steps for Implementing a Security Policy."