Fred shares his professional experience and describes what's required to write a security policy for your organization. "Anyone reading this can draft a corporate security policy, using the secrets I reveal in this column. All you need is a bit of guidance, which I provide herein by discussing where to begin, what components are needed, and what procedures to follow. Due to space limitations, my advice is fairly high level, but it should be enough to get you started.. . .
Fred shares his professional experience and describes what's required to write a security policy for your organization. "Anyone reading this can draft a corporate security policy, using the secrets I reveal in this column. All you need is a bit of guidance, which I provide herein by discussing where to begin, what components are needed, and what procedures to follow. Due to space limitations, my advice is fairly high level, but it should be enough to get you started.

Often, the hardest part of beginning is getting senior management buy-in. Secret #1: You must present security expenditures as a cost of doing business, similar to equipment purchases and postage. If the threat does not seem real to your executives, try explaining in terms of these real world cases caused by lack of a security policy.

After the "go ahead," you need a clear idea of the task at hand, and then a breakdown of that task into manageable pieces. It doesn't matter how many you have or how you do it, as long as it makes sense to you. Secret #2: You can't just "write a security policy" and be done; it is a process.

The link for this article located at Fred Avolio Consulting is no longer available.