Does your organization have a firewall to provide protection? Originally, firewalls were intended to help contain fires to isolated areas. Then the term became commonly used for the protection of an organization's network/Internet borders from hackers and malicious activities.
There is another type of firewall that is needed in organizations: the protection of the organization through the proper communication of expected behaviors. We often hear of the internal threat from insiders, in both inadvertent mistakes and malicious activity and transactions. What is needed in organizations is a human firewall that protects against unwanted employee behavior. This is done through a consistent policy management and engagement process. Organizations need to clearly engage employees on policies and enforce those policies throughout their environment. Policies provide a human firewall to protect the organization.
The Policy Management Capability Model (PMCM) is used to provide a consistent policy management process to ensure that policies are current and fit for the environment. There are two particular components in the PMCM that enable policies to be a human firewall:
1 - Communicate. Establish a risk-based and ongoing communication and training approach for each policy or category of policy, taking advantage of enabling services with skilled personnel and tools relevant to the design, delivery, attestation, and measurement of outcomes.
2 - Enforce. Establish tasks, methods, and processes for implementation, exceptions, enforcement, and assurance of policies.