Tuesday, February 7, 2017

Vetting Security Policies

There always seems to be a considerable gap between policy development and execution.

This often stems from a delineation between the org that develops versus audits said policies.

Beyond administrative controls, many companies are now deploying security solutions (e.g., DLP, CASB, EMM/MDM, MAM, IAM/IDM, DMARC/SPF, ATP) w/ policy engines.  To implement either admin and/or technical safeguards and not validate their utilization is a noticeable risk.