Many companies sink an untold number of hours into the creation of their security documents, only to see those documents waste away unused and collecting dust on a shelf. Creating policies, standards, baselines and guidelines has tremendous value, but until those policies are implemented, that value will go unrealized. Fortunately implementing the policy and its accompanying documents can be easier than it initially seems. Implementation planning should focus on the following steps:
- Apply recommended changes to systems that do not affect end users.
- Educate users about the policy and how to uphold it.
- Apply recommended changes to all remaining systems.
- Acquire additional security solutions to ensure complete coverage.
A security policy is of no value whatsoever until it has been implemented and the company is operating under its guidelines. Implementation will be a time consuming process and one that requires careful planning.