Audit and Compliance

Because security is a process, there is still more work to be done. The recommendations that management accepts will mean more work and more challenges. Each of these solutions has to be applied. Each of these must also be authenticated, tested, and will require reverification of the security posture of your site.

Over time, security policies will become fully implemented and enforced. The real concern then changes from implementing security policies to maintaining them. It’s easy to become lax at this point, and if that occurs, policies will start to become obsolete and out-of-date. The real focus will be on compliance and audit. If you’re interested in seeing how your polices rank against IOS 17799, the Human Firewall Council has a tool to help you with this task. It is available at http://www.humanfirewall.org/smi/. The Human Firewall Council is a group of professionals who have come together to help educate organizations and individuals on the human issues involved in information security.