--Originally published at (Not so) Random talk
Let’s play, let’s play, with allegories and fantasies.
Let’s play, let’s learn, about security policies.
The company becomes a kingdom,
The CEO becomes the queen.
But being who I am,
But being who you are
It can’t be any kingdom
And now you are in Wonderland.
“Off with the head!”
“Off with the head!”
Yells the Red Queen
For now you are under her rules.
You fell into the Rabbit Hole
You fell into Wonderland
And having been unannounced
The Queen seems to think the policies you’ve broken.
“The policies have not been broken”
“The policies have not been written”
“The policies are not even known”, is what you say
So you saved your neck for now.
Think the policies,
Write the policies,
And if the Queen is happy,
Your head shall go home on your shoulders.
Days and days you think,
Days and days you write,
For the policies that won’t be over specific,
And that will pass the test of time.
Security advice must be given,
Security protocols must be covered,
You think of common practices,
But without copying them for this are just for Wonderland.
Three common policies are known to you,
Three common policies are written.
Information, Privacy and Acceptable Use policies
For Wonderland are clearly written now.
The White Rabbit has taken them,
The White Rabbit will read them to the kingdom,
His trumpet will sound, and so he will say
“Hear all, hear all, the new policies are here”.
The Information policy designates
Who is responsible for information security matters,
The Information policy describes,
The role each member of the kingdom will play in information security.
The Queen is the authority in the creation of security standards,
The Queen is the authority for incident response,
But not it won’t
Continue reading "Policies in Wonderland"