Information Securityby Andy Taylor
Step 5 – Implement your control policy
How you implement your new security policy will depend very much on the types of control that have been selected. In some cases, it will simply be a case of writing a directive for the staff warning them of the consequences of using or accessing information inappropriately. In other cases, there may need to be an implementation of some technological control, such as a CCTV system, or a firewall or other device.