Tom Scholtz

Policy forms the foundation of an information security solution, but many organizations struggle to turn documented policy into reality. Effective policy compliance requires a broad set of interrelated practices and processes, reports the META Group.

Effective information security requires consistent policies, effective human resources, and appropriate technology. However, a process-centric approach is essential for providing the requisite scalability, consistency, and auditable characteristics of enterprise wide security and privacy solutions, says new research from the META Group.

Organizations are shifting their strategic focus from establishing consolidated information security teams toward initiating enterprise security programs. However, the success of these programs is inextricably linked to the successful establishment of clear organizational roles and responsibilities, according to META Group.

The European Union's Directive on Data Protection legislation is being implemented by member states. Affected organizations must take the requisite action to ensure their business practices and security enforcement mechanisms are brought into compliance.