Policies in Wonderland

--Originally published at (Not so) Random talk

Let’s play, let’s play, with allegories and fantasies.

Let’s play, let’s learn, about security policies.

The company becomes a kingdom,

The CEO becomes the queen.

Gif from: http://makeagif.com/3i8T6n

But being who I am,

But being who you are

It can’t be any kingdom

And now you are in Wonderland.


“Off with the head!”

“Off with the head!”

Yells the Red Queen

For now you are under her rules.

You fell into the Rabbit Hole

You fell into Wonderland

And having been unannounced

The Queen seems to think the policies you’ve broken.


“The policies have not been broken”

“The policies have not been written”

“The policies are not even known”, is what you say

So you saved your neck for now.

Think the policies,

Write the policies,

And if the Queen is happy,

Your head shall go home on your shoulders.

Days and days you think,

Days and days you write,

For the policies that won’t be over specific,

And that will pass the test of time.

Security advice must be given,

Security protocols must be covered,

You think of common practices,

But without copying them for this are just for Wonderland.


Three common policies are known to you,

Three common policies are written.

Information, Privacy and Acceptable Use policies

For Wonderland are clearly written now.

The White Rabbit has taken them,

The White Rabbit will read them to the kingdom,

His trumpet will sound, and so he will say

“Hear all, hear all, the new policies are here”.


The Information policy designates

Who is responsible for information security matters,

The Information policy describes,

The role each member of the kingdom will play in information security.

The Queen is the authority in the creation of security standards,

The Queen is the authority for incident response,

But not it won’t

Continue reading "Policies in Wonderland"