From Ryan Groom,
Your Guide to Business Security.
FREE Newsletter. Sign Up Now!

Security polices dictate how an organization and users conduct their actions concerning company data and the corporate network. It is very important that these policies outline the conduct of all the computer users of the organizations.

Where to Start?

Management has decided that it is now time to create a security policy, but where do you start? As the policy will help govern how security is implemented in your organization, the policy needs to be precise, effective and cover the right points. How the business operates will greatly effect how the policy is written, and one policy may not be appropriate for another organization. You cannot adopt a “One size fits all” mentality.

The following is a collection of security polices that will inspire your creative juices so that you can start taking notes to decide which policy items are right for your business. Finding points in other policies is a good starting point to creating your own. After you select policy items from the samples then you can start to fill in your own policy items that are unique to your business.

Which Policy to Start Creating First?

Two very important security policies are Internet Acceptable Use Policy and Email Security Policy. Both of these policies deal with the majority of the information that flows into your organization digitally from the outside. This information comes into an organization in the form of data collected by Internet surfing or by email. The best thing IT/Security can do is have the items in the policy enforced by technology. If there are things you do not want to the user to do while using your corporate network, then the first step is to control this behavior with technology if possible. If technology cannot control the conduct, then the policy items need to describe user acceptable usage.

Once you have addressed how the data in your organization will be handled, take a look at a policy to backup the data is very important. Down time due to data loss is frustrating, especially if the data needs to be recreated from scratch.

Finally, what about the manager that holds the keys to the kingdom? Before the worst happens the organization needs to know how you dismiss a System Administer if need be. This plan requires deep thought and in depth planning.

So, when creating your security policies, find as many as you can, slice and dice and sprinkle with some of your own unique needs and before you know it, you will have a policy effective for your organization.