IT Security Policies Adoption and Best Practices

October, 2018


Nearly every IT organization has security policies to some extent, but there is often much room for improvement. The fact that so many companies have IT security policies that are not formally established, comprehensive in their scope, or followed consistently is part of the reason that we continue to see little progress against high-profile cyberattacks. In this report, we look at adoption trends and maturity of IT security policies by organization size and sector. We conclude with practical recommendations for IT organizations interested improving their IT security policies. (17 pp., 6 figs.)
[Research Byte]