Policy enforcement
To this point, we have covered several technologies to protect enterprise systems, and the final component is process related, which is policy enforcement. We covered security standards and policies in Chapter 3, Security As a Process prior to any protection topics being presented. This is because in order to have a position on how to protect systems in the enterprise, the trust models need to be built and required policies written as a guide to what methods to employ. The benefit of having policies is that there is a communicated enterprise-wide statement on how the enterprise expects employees to use assets and consequences to actions contrary to policy statements are also made explicit.
There is a standard set of policies typical to all enterprises across industries such as acceptable use and technology use. Regardless of the controls implemented to protect the system, there will be administrators and other users with elevated privileges and this access must be controlled...
