Ask the Expert

Contents of security user and manager manuals

I just read your answer to a question about security awareness. One of the comments was to "develop a security user and security manager manual designed for your organization." What exactly does this mean? What would be the content of the security user and security manager manuals?

A Manager's Security Guide is a high-level informational and instructional guide to how logical security (or physical security, if administered under the same organization) is administered in your organization, and it is directed specifically toward supervisory positions. The guide should reinforce the organization's policies, procedures and technical controls, as well as serve as part of an overall security awareness program developed at your organization.

Managers must understand that security awareness (including these guides) is an integral part of your corporation's defense against computer fraud and abuse. The guide can be as limited or as expansive as your organization. Some key topics would be how to use the guide, glossary of terms, key contact names and numbers, mission statement, importance of Security Administration in an organization, computer crime, computer use and abuse, user IDs and passwords, information classification, what security is and isn't, users' and company's rights, roles and responsibilities, concept of data owners and guardians, and personnel-specific issues such as hiring, transferring individuals (and the modification in physical/logical privileges), involuntary and voluntary termination, privacy/monitoring of usage, etc.

The User's Security Guide is functionally the same as the manager's guide; however, personnel information would be specific to terminations and transfers, as their logical/physical privileges would be affected.

Consider putting the manuals online, where they will always be accessible and only one change is needed should a modification be necessary.

This was first published in May 2002
