Policies in Wonderland

--Originally published at (Not so) Random talk

Let’s play, let’s play, with allegories and fantasies.

Let’s play, let’s learn, about security policies.

The company becomes a kingdom,

The CEO becomes the queen.

Gif from: http://makeagif.com/3i8T6n

But being who I am,

But being who you are

It can’t be any kingdom

And now you are in Wonderland.


“Off with the head!”

“Off with the head!”

Yells the Red Queen

For now you are under her rules.

You fell into the Rabbit Hole

You fell into Wonderland

And having been unannounced

The Queen seems to think the policies you’ve broken.


“The policies have not been broken”

“The policies have not been written”

“The policies are not even known”, is what you say

So you saved your neck for now.

Think the policies,

Write the policies,

And if the Queen is happy,

Your head shall go home on your shoulders.

Days and days you think,

Days and days you write,

For the policies that won’t be over specific,

And that will pass the test of time.

Security advice must be given,

Security protocols must be covered,

You think of common practices,

But without copying them for this are just for Wonderland.


Three common policies are known to you,

Three common policies are written.

Information, Privacy and Acceptable Use policies

For Wonderland are clearly written now.

The White Rabbit has taken them,

The White Rabbit will read them to the kingdom,

His trumpet will sound, and so he will say

“Hear all, hear all, the new policies are here”.


The Information policy designates

Who is responsible for information security matters,

The Information policy describes,

The role each member of the kingdom will play in information security.

The Queen is the authority in the creation of security standards,

The Queen is the authority for incident response,

But not it won’t

go with “off with the head”,

For now exceptions and violations are written.

Individuals’ data is collected,

Individuals’ data is stored

Individuals’ data is used

Is what Privacy policy says.

Written are the principles at the beginning,

Written is the type of information that will be collected next,

In another section you specified how the rulers will use the information

And at last come the choices and obligations of individuals under the policy.

Do’s and don’ts of how subjects will use the information systems,

Do’s and don’ts of the personal use of computing resources

Is what the White Rabbit reads

Of the Responsible Use Policy.

Principle of least privilege stating

 the minimum set of permissions to do a job,

Principle of separation of duties

separating permissions for critical situations.

A Drink Me bottle it was,

An Eat Me cookie maybe,

What you took to escape,

In case of the Red Queen’s anger.


Crazy you aren’t to wait

For her reaction after listening the policies.

Crazy you are maybe

For reading this story of mine.

It might have been crazy

It might have been silly

But the security policies facts I’ve written

And hard is not to separate the fantasy.

With the claps I leave

With a bow I leave

Until the next time I write

Until the next time you come to read.


Reference: http://www.lynda.com