I don’t understand this Computer Science question and need help to study.
The enforcement of an organizations IT security policies begins when the hard work of creating the policy and providing initial security awareness is done. All the effort put into creating the policy is of little value if it’s not followed. Maintaining compliance with laws and regulations in a complex IT environment is difficult. The vast array of regulations a company must comply with is constantly increasing and changing. At the center of most regulations’ intent is data protection. Stop the flow of data, and just as quickly you will disrupt the delivery of products and services. If the loss of data lasts long enough, the viability of the organization itself comes into question.
- How can an organization use monitoring to enforce security policies?
- What legal implications maybe encountered when an organizations attempts to enforce their security policies?
- Why are there differences between automated and manual policy enforcement?
- What are some “best” practices YOU recommend for enforcing an organizations security policies?