This chapter discussed complex relationships and personality types in the workplace and how they can affect how you implement security policies. It’s important to understand different personality types in the workplace to better motivate and influence workers to embrace security policies. Proper motivation can overcome user apathy. Executive support is important to get resources and to drive the security message and visibility needed for the implementation to be successful. The chapter also discussed the importance of pulling stakeholders and control partners into the policy implementation process. This chapter also discussed the Kotter model and a minor variation of it.
Postimplementation activities are just as important as those leading to policy implementation. Success is measured by the value the security policies bring in alignment with the company’s risk tolerance. The chapter also examined how security policies are effective only if they are used. This means they must be enforced. The core values and ways to look at risk within security policies can be applied to a wide array of business situations and new technologies. Successful security policy implementations can change mindsets and an organization’s culture. They can further reduce risks as individuals are better equipped to deal with the unexpected threats.