Often it is difficult to justify security policy development to management. In many cases, this is due to a lack of understanding on just how detailed and complex policy writing can be. “Just go find a template on the internet.” For those of you who have tried this approach, you quickly discover that there is much more to the process IF you want to create a set of quality, consistent policy documents.
Buy or Build?
For those of you still struggling to justify the purchase of a policy package, download our whitepaper The ROI of Pre-Written Information Security Policies. In this short paper we present a simple model for estimated the cost of writing information security policies. Understanding this cost is the best way to computer a “return on investment” of purchasing a quality set of templates such as Information Security Policies Made Easy.
Understanding the Total Cost of Policy Development
But remember, developing information security policies is only one part of the ongoing management process. To better understand the entire life-cycle costs of developing and maintaining policies, read our whitepaper The Total Cost of Information Security Policy Management. Using these tools should help you estimate the costs of your policy development project, including using in-house resources versus outside consultants.