Back to the Basics: How to Create Effective Information Security Policies

One of the most dreaded tasks in information security has to be developing policies. While policies are needed to make technical and physical security controls effective, many policies end up being poorly written, misunderstood and often ignored by the workforce. This session will review best practices and simple approaches that can be used to create and implement more effective information security policies.Learning Objectives:1: Review the foundational steps and principles required to create effective policies.2: Understand how to align policies with the organization's internal and external environment and requirements.3: Discuss a process for developing and implementing policies to ensure that they are understood and adopted.Pre-Requisites:A general understanding of virtualization technologies would be helpful but not mandatory.