Summary

Analyzing the existing security policy of an organization involves understanding what types of assets the company needs to secure and the cost effectiveness of securing them. Security policies are used to set goals that you will use to secure your assets. They need to be followed by users, IT staff, and managers to be effective. The risk that security policies are not followed can be mitigated through technology and personnel policies of incentives and punishments.

There are risks to hardware, software, people, and the data itself. All these risks can cause problems with availability of data and could ultimately affect a company’s profits. It’s important to know how to evaluate these risks and how to determine what technologies are needed to mitigate the risks. Some technologies may already be implemented on the existing network. Others may impose interoperability constraints, which will have an impact on what types of security and the level of security you can implement. Being able to recognize these situations and propose cost-effective solutions based on the requirements of the organization is the first step to providing effective security.