Q

Contents of security user and manager manuals

I just read your answer to a question about security awareness. One of the comments was to "develop a security user and security manager manual designed for your organization." What exactly does this mean? What would be the content of the security user and security manager manuals?


A Manager's Security Guide is a high-level informational and instructional guide to how logical (or physical security if administered under the same organization) security is administrated in your organization and specifically directed toward supervisory positions. The guide should re-enforce the organization's policies, procedures and technical controls, as well as serve as part of an over all security awareness program developed at your organization.

Managers must understand that security awareness (including these guides) is an integral part for your corporation's defense computer fraud and abuse. The guide can be as limited or as expansive as your organization. Some key topics would be how to use the guide, glossary of terms, key contact name and numbers, mission statement, importance of Security Administration in an organization, computer crime, computer use and abuse, user-IDs and passwords, information classification, what security is and isn't, users' and company's rights, roles and responsibilities, concept of data owners and guardians, and personnel-specific issues such as hiring, transferring individuals (and the modification in physical/logical privileges) involuntary and voluntary termination, privacy / monitoring of usage, etc.

The User's Security Guide is functionally the same as the manager's guide, however, personnel information would be specific terminations and transfers as their logical/physical privileges would be affected.

Consider putting the manuals online where they will always be accessible and only one change is necessary should modification be necessary.


For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: Managing infosec policies
News & Analysis: An overview of security policies
Infosec Know IT All Trivia: Managing infosec policies


This was first published in May 2002

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close