of Security Policies
As the selected assets are secured, tests should be executed to make sure that
the created policies and deployed technologies actually perform as desired. If
not, new policies reflecting new requirements need to be generated. Therefore,
test procedures need to be considered as part of the policy development cycle.
As an example, the policies and procedures for physical access should be tested
on an unannounced basis. This requirement should be written into the policy,
along with the maximum re-test interval allowed. Additionally, the expected
results of such tests should be documented. If the expected results are not
obtained, the causes need to be analyzed. If the analysis indicates that the
policy is in error, then the policy needs to be revised.