on the limitations of copy-paste


What does security mean for your organisation, and why does it matter? Who in the business is responsible for what aspects of security? How will you measure it, and who will?

Go check the policy.

A policy shouldn't merely exist (although that seems to have been the purpose with some copy-paste examples).

A well-adapted InfoSec policy can be immensely powerful. It is your vehicle for effectively delegating the responsibility for measurable security. Taking a second look at your policy can be time well spent.

No comments: