My editor at WatchGuard Technologies, Scott Pinzon, said in part, "'Producing Your Corporate Security Policy' has drawn a phenomenal response. In its first few days, it has generated a 95% click-through rate ... the highest rate in the shortest number of days [the marketing rep] has ever seen."

Here is the executive summary:

Network security experts agree that well-run corporations need a written security policy. The policy sets appropriate expectations regarding the use and administration of corporate IT assets. However, the conventional wisdom holds that composing and maintaining these documents bogs down in a morass of bureaucratic inefficiency and pointless wrangling, which never ends and produces nothing useful.

This paper lays out a common-sense approach to writing corporate security policies that makes them easier to draft, maintain, and enforce. Our "question and answer" approach requires no outside consultants. Instead, you can use your in-house knowledge and resources to yield a brief, usable, and -- most importantly -- understandable policy document, in a reasonable amount of time. To help you generate such a policy, this paper clears away some misconceptions about the purpose of network security; details the process of writing the policy; then explains how to keep refining the drafted policy.

Find the complete 15-page paper at www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf. It is aimed at small- to medium-sized enterprises. And I just realized, it says, "requires no outside consultants." Steve Fallin, my collaborator, must have snuck that by me.