Then when the actual threat possibility and potential damage is considered, it may be determined that policy should be changed.When writing security policies, keep in mind that just because experts recommend specific policies, it does not make your network more secure because you try to follow the policy.That's access control, authentication, and accounting. Although the details involved in implementing AAA vary from situation to situation, there are consistent basic requirements for all three security principles.
Then, using those standards, you can create procedures that can implement the policies.
Without management support, the users will not take information security seriously. Knowing how to assess and manage risk is key to an information security management program.
Understand risk management and how to use risk analysis to make information security management decisions. Know how to set policies and how to derive standards, guidelines, and implement procedures to meet policy goals. Policies are the blueprints of the information security program.
Consequently, a top-level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it.
Master AAA, the cornerstone of security as a systematic discipline.
So ask yourself…What condition are my company’s written policies and procedures in?