You learned in this chapter how to approach the implementation of security policies. This included standardizing a process approach. You learned the importance of executive buy-in and users’ acceptance of policies. The goal is to have the policies become second nature to users over time. When users embrace security policies as part of their daily routines, you begin to see a cultural change. You learned about the importance of security awareness training. It ensures that everyone understands the policies. It also increases the chance policies will be used. You can hold users accountable if they understand the policies.
The chapter also examined the importance of governance and monitoring. It discussed how security policies are published and disseminated. You explored various communication methods. You learned the importance of a communications plan and how it’s used to coordinate a consistent message. Finally, the chapter examined how to overcome technical and nontechnical hindrances. This included a discussion of best practices.