Having effective policies and procedures in place is absolutely essential to a successful security organization. These documents must provide detailed descriptions on how to handle specific incidents as well as how to complete daily work activities.
Policies and procedures must be documented and enforced on the current infrastructure and how security is implemented. Without these essential documents too much can be left up to interpretation and on fly decisions can be made which contradict the general philosophy of the organization.
Documented policies and procedures provide a blueprint for employees and provide them with the tools they need to make on the fly decisions that follow company guidelines.
Documentation also extends to network or process diagrams. Having effective and COMPLETE diagrams is essential to the security organization. Diagrams provide a method for employees to gain a deeper understanding of how the network is designed and where security appliances are located. This also allows for for efficient troubleshooting of issues.
No comments:
Post a Comment