If you’re having trouble getting security policies on the radar of management and users – much less getting the real buy-in you need, don’t fret – there is a possible solution.
It’s an idea I got from Louise Slaughter (good name for a politician) and her attempt to force Obamacare on us. Simply make your policies “self-executing”. In other words, you write the policies and include verbiage in each one that makes them take effect without any buy-in, votes, or opinions whatsoever.
Imagine if it were this simple for anyone but politicians to manipulate the system in their favor. Now that would be information security change we could believe in!