ABSTRACT
In a normal situation, a security team will have the necessary time, materials, and budget to develop a robust holistic solution for potential threats against the organization’s network infrastructure. Although security response teams are an essential component of any organization’s complete security solution, a thorough security policy will go a long way toward preventing the need for such a team. Ideally, security policies will provide an operational roadmap for employees to follow, in order to avoid ever having to be involved in a recovery effort after a crisis hits. More important than having the policy sought during crisis, it should also serve as part of the daily operations of the organization in regard to network function and security. The chapter describes the neophyte policy crafter through the steps of creating a thorough security policy for the organization. Not only must the security policy be physically and digitally accessible throughout the company, but it must also have “accessible language”.
