Information security policy, while being one of the most important steps in helping to secure an information system, is also one of the most frequently overlooked and misunderstood in small businesses. Performing the steps necessary to create strong, effective, and more importantly, enforceable policy are usually perceived to be beyond the resources of most small businesses. Yet with the pervasiveness of small business, these information systems can become unwitting tools for attackers and provide a stepping stone for larger attacks on enterprise networks.
By understanding the pertinent issues in creating and maintaining effective policy, small businesses can create workable rules by first understanding the psychology of their workers, the Information landscape in which they operate, and the value of the information being protected.
This document is in PDF format. To view it click here.