Developing a Security Policy - Overcoming Those Hurdles

This paper describes the real-life experiences involved in developing a security policy and gaining its endorsement in a medium sized company. The major challenges, as with all companies, is the big cost factor and the acknowledged belief that security is not a real issue. After all, who'd want to attack us and what damage could they do? There is a real belief among companies that it won't happen to them and we can recover if it does. What many companies don't realize is that attacks can occur without warning and for no apparent reason. Attackers don't necessarily steal information. They can bring your servers or systems down in a denial of service attack or they can compromise the integrity of your systems. Attackers don't need reasons, only opportunities.