Given the growth in people, devices, and data connected to the Internet, how should security policy developers adapt to the new environment? Are there new security policy considerations that are needed, or existing security policy statements that should be changed or even eliminated?
- For example, many security policies were created when most Internet users were based in North America and Europe. Does the rise in Internet users in Asia, Africa, and Latin America require changes to security policies?
- For example, security policies have been optimized for a desktop-centric world, where the computing machines, their operating systems, and often their users were fixed to a geographic location. What changes are necessary to accommodate a more mobile-based world such as Bring Your Own Device (BYOD) and cloud computing?