The scope of a security policy

The scope of a security policy

I am looking into the BS 7799. With regards to security policies, I am a little confused. Does a security policy contain all policies on e-mail, Internet usage, etc., or are these separate and the security policy itself is just an overview?

    Requires Free Membership to View

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Security policies are actually very flexible documents. Your security policy can be one large document that incorporates an e-mail policy, an Internet Usage policy, an Acceptable Use policy, etc. You can also break each of these topics out into its own policy. I prefer to break policies out into individual sections and have one summary document. I feel end users approach the concept of security policies much more positively that way. Instead of handing them a 100 page document to read, they get a bunch of smaller documents.


For more information on this topic, visit these other SearchSecurity.com resources:
Security Policies Tip: Issues to cover in a security policy
Best Web Links: Security Policy & Infrastructure
Chat Transcript: Security policies in the workplace


This was first published in November 2002