The devil is in the details: The importance of tight processes to strong information security

Robert Covington

Published Jun 29, 2016

Have you ever pulled a policy or procedure down from the internet, changed a few things and called it your own? If not, you are probably one of a small minority. Most of us have done this from time to time, and building on the work of another (assuming of course that it is not copyrighted) is a good way to start, as long as you make the proper adjustments to meet your specific needs.

Therein, however, lies the problem.

The issue of useless policies and procedures often begins with an audit finding about the lack of such documentation, sending folks scrambling to get something in place. Many organizations, particularly smaller ones, have no experience with writing policies, so they figure that something is better than nothing.

Policies, procedures and guidelines together form the processes that make an organization function. Good processes help to ensure that you are ready to address occurring problems quickly and consistently, which is particularly important when addressing information security issues.

The devil is in the details: The importance of tight processes to strong information security

Robert Covington

More articles by Robert Covington

Explore content categories

More articles by Robert Covington

Using defense-in-depth to prevent self-inflicted cybersecurity wounds

Cybersecurity standards and guidelines -- are you just checking the boxes?

Is antivirus software dead at last?

The risk of data theft -- here, there and everywhere

Product security: Not just bells and whistles

The changing data protection paradigm

The danger of unmanaged security service providers

Information security ignorance is not a defense

Ransomware protection -- what you may be missing

So, you bought good security tools. Now what?

Explore content categories