Internet network security policies are flawed in strategy and implementation.
Gary suggests that the use of external consultants for the entire internet network security policy framework is not a great idea since the external consultants will find it difficult to grasp the intricacies and business drivers for the network security decisions.
Also, in terms of implementation, the internet network security policy should be disseminated to each and every employee of the company through seminars, handouts and quizzes rather than an innocuous email that no one reads.
The network security policy should capture the latest trends in the network security industry rather than playing catch-up. One of the network security aspects that internet network security policy makers should be worried about now is access to corporate data through a BlackBerry or a mobile phone.
New ways of accessing the internet cause internet security policy nightmares for CIOs. For example, most companies allow employees to access corporate intranet mail through BlackBerrys. Also, some companies allow VPN access to the entire corporate intranet. All of this is usually in violation of the existing corporate internet security policy, which has to be rewritten.
In conclusion, internet network security policy implementors should focus on internal buy-in among employees and proper dissemination to the entire IT workforce, including contractors. This will ensure that the internet network security policy doesn't end up as a useless binder in your boss's cabin!