Kim was merciless. She had a pad of violation slips she laid on me like tar and feathers: unauthorized trips to the restroom, lying to the substitute, hiding in the storage room during catechism, going to confession three times a day so I could chat with Monsignor Blecke. In addition to the legitimate raps, she also established policies of her own that applied only to me. That year, I ended up with an intimate knowledge of both the detention room and my father’s belt, as word of my “violations” filtered home from nuns, priests and parents.
For security professionals, it’s important to ensure that the policies you enforce on behalf of your leadership flow logically from the goals and objectives of the organization. Developing and implementing consistent security standards and guidelines will allow you to manage your enforcement and compliance activities with ease. When policies appear to be random or ill-considered, employees and partners look for workarounds and even try to ignore your controls. Consistent and logical policy enforcement will go a long way toward improving your security posture.
At least we’re too old for the belt.
John McCumber is a security and risk professional, and is the author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, please e-mail John at: Cool_as_McCumber@cygnusb2b.com.