What
makes a good security Usage Policy ?
at a minimum, a good security usage policy
should :
- Be
readily accessible to all members of the organization
- Define
a clear set of security goals
- Accurately
define each issue discussed in the policy
- Clearly
shown the organizations position on each issue
- Describe
the justification of the policy regarding each issue
- Define
under what circumstances the issue is applicable
- State
the roles and responsibilities of organizational members
with regards to the described issue
- Spell
out the consequences of non compliance with the described
policy
- Provide
contract information for further details or clarification
regarding the described issue
- Define
the user's expected level of privacy
- Include
the organization's stance on issues not specifically defined
|