How effective is a security policy?

In order to maintain an effective information security program, organizations should first of all develop and implement a consistent security policy, which is aimed at communicating managerial requirements on security to the employees. A successful security policy should include three components: enterprise information security policy, system-specific security policies and issue-specific security policies (Whitman and Mattord 122). All of these components should be properly designed and developed, and then effectively implemented. It is possible to outline six stages which influence the effectiveness of the security policy: development, distribution, review, comprehension, compliance and uniform enforcement.
Thus, the effectiveness of the security policy can be determined using the following factors: policy development based on industry-accepted practices and dissemination of the policy using all suitable methods. Furthermore, all employees should read and understand the policy, and there should be a formal acknowledgement of employee awareness regarding the security policy. There should also be a mechanism for the policy to be universally enforced and applied. Overall, the effectiveness of a security policy is determined by the above-mentioned six factors.
For a policy to have any effect, what must happen after it is approved by management? What are some ways to accomplish this?
After the security policy is approved by management, it is first of all necessary to develop an awareness plan and a memo on the changes, in order to simplify future changes. Then it is recommended to develop the necessary documents on implementing the policy, such as the documents for manual procedures, the architecture of the security policy, standards of information security, etc. After all the documents are revised and signed, it is necessary to train employees on the policy and to implement the applications of the policy as well as its enforcement. Some of the ways to accomplish this are to create tests for employee comprehension of the policies, assign and train Information Security Coordinators, provide an Information Security training course for the employees, and create an Information Security Management Committee (Whitman and Mattord 154). It is also recommended to assign information custodianship and ownership rules and to enforce policy automation using policy servers.

Works Cited
Whitman, Michael E. and Herbert J. Mattord. Management of Information Security. Cengage Learning, 2010.

 


