Management Must Support the Policy

As in most business endeavors, unless management actively supports a policy, it will not be effective. A policy that restricts a business function or is considered to lack flexibility but addresses a critical need requires the full support of management; otherwise, it will not be followed. Security policies are designed to be restrictive. Every organization has employees who believe they should be able to do what is restricted by the policy. These same users will feel justified in violating the security policy if they believe that "management doesn't care." The security policy is designed to weigh the good of the organization before the needs of the individual.

0 0

Post a comment