This is one of the 52 terms in The Language of Cybersecurity published by XML Press in 2018 and the contributor for this term is Rodney Richardson.

What is it?

A set of mandatory requirements that apply to specific areas of an organization’s operations, including cybersecurity.

Why is it important?

Policies are important because they define the strategic intent for rules, regulations, protocols, and procedures that the organization or industry implement.

Why does a business professional need to know this?

Without effective policies, governance becomes challenging – if not impossible.

Writing effective information security policies requires knowledge of a broad range of issues that might affect your organization. Concise policies, written in simple and unambiguous language, are more likely to be read, understood, and followed. Policies should cover how to track compliance, how to handle exceptions, and the consequences for not complying with the policy.

Research for writing effective policies must include exploration of relevant legal considerations.

Policies adopted by the executive body within an organization need reinforcement in the form of guidelines, procedures, and protocols on how the policies are to be implemented.

Business professionals need to ensure that corporate policies support an information security management strategy that guides cybersecurity specialists in the right direction to secure the organization’s information. If your cybersecurity specialists do not understand these mandates, they are likely to overlook management requirements.