Five Golden Rules for Creating Effective Security Policy


Foundational Refreshed: 15 May 2017 | Published: 17 September 2014 ID: G00259725

Analyst(s): |

New to Gartner?

Register with us for FREE access to this research document.

REGISTER NOW

Summary

Policy writing is a risk communication exercise that is frequently performed by people who lack the skills needed to create good security policy. Fortunately, the use of a few best practices for the planning and writing of policy can make a big difference in its effectiveness in reducing risk.

Table of Contents

  • Introduction
  • Analysis
    • Create a Process for Developing and Maintaining Your Policy
    • Use a Structured Approach to Support Flexibility
    • Don't Develop Your Policy in Isolation; Build Support by a Process of Engagement
    • Have Your Policy Drafted by Someone With Competence in Policy Development — the Rules Are Only as Strong as the Text That Expresses Them
      • Writing for an International Audience
      • Consider a User Guide
    • Make Sure That Your Policy Is Pragmatic by Testing It Out
  • Gartner Recommended Reading
© 2014 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more