Toward Enforcing Security Policy: Encouraging Personal Accountablity for Corporate Information Security Policy

Information security professionals through the years have long sought support in enforcing the

information security policies of their companies. The support they have received has usually come

from internal or external audit and has had limited success in influencing the individuals who make up

the bulk of the user community. Internal and external auditors have their own agendas and do not usually

consider themselves prime candidates for the enforcement role.