Developing a “Policy Program”
When creating a quality defense in depth strategy , you must not forget to build a quality “policy program”. A “policy program” is not just a binder, wiki, or web page with all of your current policies categorized neatly by date and purpose. A “policy program” will include the drafting of the policies, the communicating of the policies to all of your user community, enforcement of the policies, and validation that the policy is meeting its defined goal. We often see policy programs that only encompass one or two of these steps and administrators wondering why their policies are ineffective. In order to create a successful program you need to utilize all of the steps in the policy program framework.
