A policy should define the level of
control users must observe and balance that with productivity goals. An overly strict policy will be hard to
implement because compliance will be minimal or ignored. On the contrary, a loosely defined policy can be
evaded and does not ensure accountability and responsibility. A good policy has to have the right balance.
Examples of Security Policies
Depending on the size of the organization, potentially dozens of security policy topics may be appropriate. For
some organizations, one large document covers all facets; at other organizations, several smaller, individually
focused documents are needed. The sample list that follows covers some common policies that an organization
should consider.
Acceptable use: This policy outlines the acceptable use of computer equipment. The rules are
established to protect the employee and the organization. Inappropriate use exposes the company to risks
including virus attacks, compromise of network systems and services, and legal issues.
Ethics: This policy emphasizes the employee's and consumer's expectations to be subject to fair business
practices. It establishes a culture of openness, trust, and integrity in business practices.
Pages:
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56