Comment Been there done that (Score 1) 70
Easy solution. Work at a company and ... have a backup of their security policy ready. Think of it as a template.
When you leave that company do a replace on the company name and make it the official policy of the new company.
In case you get an audit match the auditors requirements with your security policy and enhance it where it lacks using the format of the template you brought along.
During the time of the audit have signs up in the office, revoke the CEO's and any other big shots/pain in the ass user's special privileges like having no password complexity, automatic timeout, etc.
When the auditors leave relax and congratulate yourself on how you played your part in the whole accreditation/compliance/certification placebo crap.
On the other hand if you really dislike a user point out a random clause in the policy and have them fired for violating it.
When you leave that company do a replace on the company name and make it the official policy of the new company.
In case you get an audit match the auditors requirements with your security policy and enhance it where it lacks using the format of the template you brought along.
During the time of the audit have signs up in the office, revoke the CEO's and any other big shots/pain in the ass user's special privileges like having no password complexity, automatic timeout, etc.
When the auditors leave relax and congratulate yourself on how you played your part in the whole accreditation/compliance/certification placebo crap.
On the other hand if you really dislike a user point out a random clause in the policy and have them fired for violating it.