087. Michael Ranaldo: Your Security Policy Needs to Make Sense
Apr 09, 2021 • 56 min
Episode description
In this episode, Holly and Michael have an in-depth discussion - okay, maybe it's a little bit of a rant - about security policies. Many organisations' cybersecurity policies are rarely given the attention they deserve, despite being such an important part of protecting your business.
Over the course of this conversation, Holly and Michael take a look at policy building and reviewing, common mistakes that organisations tend to make, and why you should be worried if no one on your team has any questions after "reading" through the policy...
0:15 Policy review
3:20 Rethink your security policy
11:00 Exceptions to the rule(s)
14:30 Does everyone in your organisation understand your security policy?
22:30 Are your rules made to be broken?
24:20 Our recommendations
27:00 What counts as a major system change?
31:35 Vulnerabilities and hardening
38:20 What, where, when, and why
43:10 A security policy rant
45:00 Don't restrict your staff
52:50 To be continued...
Listening time: 55 minutes
Host: Holly Grace Williams, MD at Secarma
Guest: Michael Ranaldo, vISM & CSMA Security Consultant at Secarma
Our website: www.secarma.com
Tweet us: www.twitter.com/Secarma
Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455
Security Awareness Training: www.secarma.com/cybersecurity-services/security-training/security-awareness-training