Many companies sink an untold number of hours into the creation of their security documents, only to see those documents waste away unused and collecting dust on a shelf. Creating policies, standards, baselines, and guidelines has tremendous value, but until those policies are implemented, that value will go unrealized. Fortunately, implementing the policy and its accompanying documents can be easier than it initially seems. Implementation planning should focus on the following four steps:
- Apply recommended changes to systems that do not affect end users.
- Educate users about the policy and how to uphold it.
- Apply recommended changes to all remaining systems.
- Acquire additional security solutions to ensure complete coverage.
Creating a formal enterprise security policy can be a lot of work, but until that policy is implemented, it will provide no benefit. While that implementation process can be time-consuming, it does not have to be overly complex. Make clear decisions now to save hours of aggravation later.