ABSTRACT
The cornerstones of effective information security programs are well-written policy statements. This is the wellspring of all other directives, standards, procedures, guidelines, and other supporting documents. As with any assessment process, it is important to ensure that policies establish the direction management wants to go with regard to security. The top-down portion of the network vulnerability assessment (NVA) looks at the policies requested in the Pre-NVA Checklist (see Appendix B).
