What a Security Policy Looks Like


First, a security policy document is usually several documents. For example, an organization might need some or all of the following:

  • Acceptable use policy

  • Antivirus policy

  • Remote access policy

  • E-mail access and retention policy

  • Password policy

  • Server security policy

  • Privacy policy

An organization might need many more types of policies in addition to these. However, the first and most important policy is a general risk management policy. This should outline what the unique risks are to your organization. To do this, you must start by defining the assets you are interested in protecting. We deal more with that in the following section, "Why a Security Policy Is Necessary."

A policy may be a single document, but is usually several. Not everyone needs to be concerned with all parts of it, so it often makes sense to break it into pieces. There is no rule for how to divide the policy, only to do what is right for your organization. The only thing to ensure is that the policy needs to be accessible to users, and it should be easy to search for the appropriate information. One popular way to publish a policy is on a searchable Web site. This way, when users need to learn about the policy, they can go to a single site and then search for the information they need.



Protect Your Windows Network From Perimeter to Data
Protect Your Windows Network: From Perimeter to Data
ISBN: 0321336437
EAN: 2147483647
Year: 2006
Pages: 219

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net