“If you can’t translate your requirements into effective policy, then you’ve little hope of your requirements being met in an enforceable way,” says Rob McMillan, research director at Gartner. “But if you get it right, it will make a big difference in your organization’s ability to reduce risk.”
Not only that, getting your security policies right will also make a big difference in your organizations ability to do business. According to Gartner, “by 2018, 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess the risks in continuing the relationship, up from 5 percent [in 2015].”
The good news: You don’t need to reinvent the wheel.
