ABSTRACT

This chapter is designed to assist the reader in developing and implementing policies, standards, and procedures more effectively. Many organizations have policies, standards, and procedures, but they may be unwritten. Unwritten policies create confusion, are difficult to enforce, and lead to inconsistent implementation of controls. It is very difficult to test something

been set as a legal precedent that companies must show or prove due care when enforcing policies, in which case they have made an effort to be in compliance, at a minimum, with industry security standards. From a legal perspective, enterprises must be prepared to show that they have communicated to their employees, users of their systems, and business partners the appropriate use of those systems and resources, as well as appropriate ways to effectively protect their business, information, and resources from damage, theft, destruction, or unauthorized access. This will minimize the risk of legal liability due to negligence and breach of fiduciary responsibility.