The scope of a security policy
I am looking into the BS 7799. With regards to security policies, I am a
little confused. Does a security policy contain all policies on e-mail,
Internet usage, etc., or are these separate and the security policy itself is
just an overview?
Security policies are actually very flexible documents. Your security
policy can be one large document that incorporates an e-mail policy, an
Internet Usage policy, an Acceptable Use policy, etc. You can also break
each of these topics out into its own policy. I prefer to break policies
out into individual sections and have one summary document. I feel end
users approach the concept of security policies much more positively
that way. Instead of handing them a 100 page document to read, they get
a bunch of smaller documents.
For more information on this topic, visit these other SearchSecurity.com resources:
Security Policies Tip:
Issues to cover in a security policy
Best Web Links:
Security Policy & Infrastructure
Chat Transcript:
Security policies in the workplace
This was first published in November 2002
Join the conversationComment
Share
Comments
Results
Contribute to the conversation