THE SECURITY OF AN ORGANIZATION’S INFORMATION is a direct result of the quality of its security policy. The security policy states the importance of security and defines a secure environment. Once a solid security policy is defined, it must be put into practice. Administering the components of a security policy means creating and deploying controls that ensure compliance with the policy.

In this chapter, you’ll learn how to ensure that your organization meets your security policy’s goals. You’ll learn about the responsibilities of a security administrator and the tasks needed to go from a policy to usable controls. You’ll also learn how important it is to constantly review and measure performance to ensure that you maintain the most secure environment possible.