8. Common Security Policies Deeper Dive
Policies are set according to the needs of the organization and its vision and mission.
Each policy should have a penalty or consequence attached in case of noncompliance (not following the rules).
Consequences of Noncompliance
- First violation: Warning
- Repeat violation: Suspension, possibly unpaid (a forced leave of absence)
- Critical violation: Termination (ending the employee's job)
Policy Communication
- Policies should be clearly outlined during onboarding (process of introducing new employees to the organization), especially for information security personnel.
- It should be clear who is responsible for enforcing the policies.
- Employees must sign an acknowledgment confirming they have read and understood the policies and agree to comply with them.
- A survey or quiz may be used to confirm employees understand the policy.
Key Point
- These policies are part of the baseline security posture (basic level of security protection) of an organization.
- Any security or data-handling procedure should be backed by an appropriate written policy, so that it can be enforced and its violations have defined consequences.