RSA's Meena Raju asks if "you are scared of the word policy," in a blog post about Asking the Right Questions When Implementing a Data Loss Prevention Policy. I think that's a fantastic way to bridge into this topic. Scared is exactly the word. Individuals and companies are scared of putting together a policy on something that seems as complicated as security. Particularly since whatever is 'set down on paper' becomes an actionable set of guidelines. What if it misses areas? What if it's confusing? What if it is an accurate policy, but one that's 'wrong' for your company?
The RSA team put together a series of best practices when considering a data loss prevention (DLP) policy.
What is the data that you want to protect? And how should you protect it? Sounds simple, right? As our customers find, there are many more questions that need to be asked upfront.
Some of the questions that RSA suggests asking are:
As Meena notes, "policy" isn't a bad word or a word to be scared of. "Be smart and be strategic and you’ll love your policies."
Stay tuned to our Security Policy category for tips on how to create effective security policies, as well as relevant studies or facts on the topic.