Tuesday, December 9, 2008

security policies

One of my major frustrations has been the implementation of meaningful security policies at my work.  I am in the unenviable position of having not enough pull in the company to own/implement a restrictive policy and my boss, a couple years from retirement, I don't think sees the need to write down everything.  I guess he figures we are a small enough operation that policy can be made up on the spot and communicated verbally.  This doesn't help me however when I'm trying to be pro-active in locking down the network and have nothing to measure against.  Frustrating.

No comments: