Question

I am sure you have heard the saying that goes something like why fix what isn't broken, but how will you know if it is broken. Policies and procedures are usually seldom reviewed once implemented which can prove to be disastrous. Explain why and how often a facility should review and update the security policy.

Answer 1

As we know that the current era is one where there are a number of threats which are faced by the organization. Gone are the days when just by making normal security policies and procedures, any organization can be assured of its security of data, manpower, and assets. At present situation, with the increased incidence of cybercrime, virus attack, militant activities, the concern for the security has been increased in a great deal. With the advent in technology, there is a more serious threat on the security as the hackers and attackers are using and trying to find out the new tricks and ploys to breach or dodge the security barriers. This is the reason why the organization must review their security policies and procedures on regular basis. Any kind of laps in this regard can cause a lot of funds, time and resource to the organization.

A security audit can be seen as a process of the event in which the security policy and standards are implemented and used for determining the comprehensive status of the current protection applied in the organization. This also tries to verify whether the prevailing protection is actionable on the prompt basis or not. Only a snapshot of the vulnerabilities in an organization at a specific time is provided. With the changing technology and the business environment, it is very important for the organization to have a periodic and continues review of these policies and procedures. On the basis of significance and criticality of the business, security review can be performed on weekly, monthly, quarterly or even yearly basis.