Policies and Procedures
Rollout organization-wide security policies and procedures.
What is the purpose of security policies and procedures?
A security policy describes information security objectives and strategies of an organization. The basic purpose of a security policy is to protect people and information, set the rules for expected behaviors by users, define, and authorize the consequences of violation.
How do you write security policies and procedures?
- Identify your risks
- Make sure the policy conforms to legal requirements
- Include staff in policy development
- Train your employees
- Get it in writing
- Set clear penalties for non-compliance and enforce them
What makes for a good security policy?
There are three primary characteristics of a good security policy: Most important, the policy must be enforceable and it must apply to everyone. The policy must be capable of being implemented through system administration procedures and through the publication of acceptable-use guidelines or other appropriate methods.
What are security procedures?
A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures are normally designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish an end result.