- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Developing a Security Policy - Overcoming Those Hurdles
- Abstract
- This paper describes the real-life experiences involved in developing a security policy and gaining its endorsement in a medium sized company. The major challenges, as with all companies, is the big cost factor and the acknowledged belief that security is not a real issue. After all, who'd want to attack us and what damage could they do? There is a real belief among companies that it won't happen to them and we can recover if it does. What many companies don't realize is that attacks can occur without warning and for no apparent reason. Attackers don't necessarily steal information. They can bring your servers or systems down in a denial of service attack or they can compromise the integrity of your systems. Attackers don't need reasons, only opportunities.