Live long and read the security policy

--Originally published at Tech and no-tech

Companies should have an idea of how to protect their physical and information technology assets. They usually state these measures in a document, commonly known as a security policy. And what do we find in that document? Well, as simple as it sounds, we find security policies.

In information security more specifically, a security policy states the rules, laws and/or practices for computer network access. It also regulates how organizations will manage, protect, and distribute their sensitive information, and it may lay the framework for the security of the company. Therefore, security policies are important in companies.

There is a lot of information on best practices for information security. Keep in mind, when writing a security policy, that these best practices do not ensure the security of your network. What works can depend on circumstances and scenarios, and can vary with the network itself.

There are 8 things policies should define:

  1. Scope.
  2. Who does the actions defined by the policy.
  3. When the defined actions are to be done.
  4. Where, or on what equipment, the policy applies.
  5. The organizational level that the policy applies to, such as a division or the entire enterprise.
  6. Who enforces the policy.
  7. What are the consequences of failure to follow the policy.
  8. Policies may reference procedures that are used but do not define the procedures.

Security policies should be concise and as brief as possible while still fulfilling their purpose.


In collaboration with:
