Security policies are actually very flexible documents. Your security policy can be one large document that incorporates an e-mail policy, an Internet Usage policy, an Acceptable Use policy, etc. You can also break each of these topics out into its own policy. I prefer to break policies out into individual sections and have one summary document. I feel end users approach the concept of security policies much more positively that way. Instead of handing them a 100 page document to read, they get a bunch of smaller documents.
For more information on this topic, visit these other SearchSecurity.com resources:
Security Policies Tip: Issues to cover in a security policy
Best Web Links: Security Policy & Infrastructure
Chat Transcript: Security policies in the workplace
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.