IDC Perspective´Â ¼º°øÀûÀÎ º¸¾È Á¤Ã¥ Àü·«À» ¼ö¸³ÇÏ´Â µ¥ ÇÊ¿äÇÑ ´Ü°è¸¦ ¼³¸íÇÕ´Ï´Ù. º¸¾È Á¤Ã¥Àº Á¶Á÷ÀÌ ¼ö¿ëÇÒ ¼ö ÀÖ´Ù°í ÆÇ´ÜÇÏ´Â À§Çè ¼öÁØ¿¡ µû¶ó ¸ðµç À¯ÇüÀÇ »çÀ̹ö º¸¾È ¹× ÄÄÇöóÀ̾𽺠¹®Á¦¸¦ ¿ÏÈÇϱâ À§ÇÑ ÀÇ¹Ì ÀÖ´Â ÇൿÀÇ ±â¹ÝÀÌ µÇ¾î¾ß ÇÕ´Ï´Ù. ±×·¯³ª º¸¾È Á¤Ã¥ÀÌ ½ÇÇà °¡´É¼º ºÎÁ·, À§Çè¿¡ ´ëÇÑ Á¾ÇÕÀûÀÎ ´ëÀÀ ½ÇÆÐ, Á¶Á÷ Àü¹ÝÀÇ Á¤Ã¥ ÀÎ½Ä ºÎÁ· µîÀÇ ¹®Á¦¸¦ ¾È°í ÀÖ´Ù¸é ÀÌ·¯ÇÑ ¸ñÇ¥¸¦ Áö¿øÇÒ ¼ö ¾ø½À´Ï´Ù. IDCÀÇ IT Executive Programs(IEP) ºñ»ó±Ù ¿¬±¸ ¾îµå¹ÙÀÌÀú, Chris Tozzi´Â ´ÙÀ½°ú °°ÀÌ ¸»ÇÏ°í ÀÖ½À´Ï´Ù. "È¿°úÀûÀÎ º¸¾È Á¤Ã¥À» ¼ö¸³, º¸±Þ, À¯ÁöÇϱâ À§Çؼ´Â ü°èÀûÀÎ ÇÁ·Î¼¼½º¸¦ ¸¶·ÃÇÏ´Â °ÍÀÌ Áß¿äÇÕ´Ï´Ù. ¶ÇÇÑ º¸¾È Á¤Ã¥ °ü¸®ÀÇ ´Ù¾çÇÑ ÀÌÇØ°ü°èÀÚ¸¦ ½Äº°ÇÏ°í À̵éÀ» ÇÁ·Î¼¼½º¿¡ Æ÷ÇÔ½ÃÅ°´Â °Íµµ Áß¿äÇÕ´Ï´Ù."
This IDC Perspective walks businesses through the steps necessary for establishing a successful security policy strategy. Security policies should provide the foundation for meaningful action in mitigating cybersecurity and compliance challenges of all types based on the level of risk that an organization deems tolerable. In addition, by detecting mismatches between their policies and actual practices, businesses can identify potentially serious risks that require correction.However, security policies fail to support these goals when they suffer from problems like lack of actionability, failure to address risks comprehensively, and lack of awareness of policies across the organization.To mitigate these challenges and create policies that drive meaningful action, enterprises require a coherent strategy that addresses all stages of the policy life cycle, from initial policy development and review to policy dissemination and ongoing updates."For effective security policy development, promulgation, and maintenance, having a systematic process in place is key," says Chris Tozzi, adjunct research advisor for IDC's IT Executive Programs (IEP). "And so is identifying the various stakeholders in security policy management and ensuring that you plug them into your processes."