My editor at WatchGuard Technologies, Scott Pinzon, said in part, “Producing Your Corporate Security Policy” has drawn a phenomenal response. In its first few days, it has generated a 95% click-through rate … the highest rate in the shortest number of days [the marketing rep] has ever seen.”
Here is the executive summary:
This paper lays out a common-sense approach to writing corporate security policies that makes them easier to draft, maintain, and enforce. Our “question and answer” approach requires no outside consultants. Instead, you can use your in-house knowledge and resources to yield a brief, usable, and — most importantly — understandable policy document, in a reasonable amount of time. To help you generate such a policy, this paper clears away some misconceptions about the purpose of network security; details the process of writing the policy; then explains how to keep refining the drafted policy.
Find the complete 15 page paper at www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf.
It is aimed at small- to medium-sized enterprises. And I just realized, it says, “requires no outside consultants.” Steve Fallin, my collaborator, must have snuck that by me.