Ask the Expert

The scope of a security policy

I am looking into the BS 7799. With regards to security policies, I am a little confused. Does a security policy contain all policies on e-mail, Internet usage, etc., or are these separate and the security policy itself is just an overview?

    Requires Free Membership to View

Security policies are actually very flexible documents. Your security policy can be one large document that incorporates an e-mail policy, an Internet Usage policy, an Acceptable Use policy, etc. You can also break each of these topics out into its own policy. I prefer to break policies out into individual sections and have one summary document. I feel end users approach the concept of security policies much more positively that way. Instead of handing them a 100 page document to read, they get a bunch of smaller documents.

For more information on this topic, visit these other resources:
Security Policies Tip: Issues to cover in a security policy
Best Web Links: Security Policy & Infrastructure
Chat Transcript: Security policies in the workplace

This was first published in November 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: