The scope of a security policy

I am looking into the BS 7799. With regards to security policies, I am a little confused. Does a security policy contain all policies on e-mail, Internet usage, etc., or are these separate and the security policy itself is just an overview?
Security policies are actually very flexible documents. Your security policy can be one large document that incorporates an e-mail policy, an Internet Usage policy, an Acceptable Use policy, etc. You can also break each of these topics out into its own policy. I prefer to break policies out into individual sections and have one summary document. I feel end users approach the concept of security policies much more positively that way. Instead of handing them a 100 page document to read, they get a bunch of smaller documents.

For more information on this topic, visit these other SearchSecurity.com resources:
Security Policies Tip: Issues to cover in a security policy
Best Web Links: Security Policy & Infrastructure
Chat Transcript: Security policies in the workplace

This was first published in November 2002

Dig deeper on Information Security Policies, Procedures and Guidelines



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: