Information security uses administrative, technical (logical), and physical controls to mitigate risks related to organization’s assets. A policy is an administrative control.
If no policy exist in the IT department, research shows that employees will default to a defacto policy. A defacto policy means a policy that is in effect ,but not formally recognize. To stop this for happening, It is important for students to understand how to take the cloud best practices discussed throughout this course and use them to create a cloud security policy. Cloud security fundamentals and mechanisms is a huge part of the cloud security policy.
to create a policy for the cloud. Please note, the SANS policy is a template you can use to structure your policy. If you are having trouble with the links above, these supporting documents can be found in the Cloud Policy Assignment Documents folder.