The following challenges exist when implementing new security policies in an organization-
- Upper management approval
The upper management need to be educated about security and enrolled into the need to implement the policies
- Availability of skilled security personal
Skilled and experienced security personnel with “tacit knowledge”5 are required to understand how to draft security policies given the existing state of the organization. The team should be equally aware of the organization and of security best practices and be competent enough to draft a comprehensive security policy.
- Implementing the policy
The tools, processes, infrastructure, and resources needed implement the policy should be in place, and seamlessly integrated with each other.
The policy should list out enforcement guides which will help translate the plan to reality.
- Creating a culture of security
The creating of a culture of security does not happen overnight and getting the policy to accepted and upheld can prove challenging.