What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?

The following challenges exist when implementing new security policies in an organization-

  • Upper management approval
    The upper management need to be educated about security and enrolled into the need to implement the policies
  • Availability of skilled security personal
    Skilled and experienced security personnel with “tacit knowledge”5 are required to understand how to draft security policies given the existing state of the organization. The team should be equally aware of the organization and of security best practices and be competent enough to draft a comprehensive security policy.
  • Implementing the policy
    The tools, processes, infrastructure, and resources needed implement the policy should be in place, and seamlessly integrated with each other.
  • Enforcements
    The policy should list out enforcement guides which will help translate the plan to reality.
  • Creating a culture of security
    The creating of a culture of security does not happen overnight and getting the policy to accepted and upheld can prove challenging.