The scope of a security policy |
 |
EXPERT RESPONSE FROM: Mandy Andress
|
|
|
|
| > |
QUESTION POSED ON: 01 November 2002
I am looking into the BS 7799. With regards to security policies, I am a
little confused. Does a security policy contain all policies on e-mail,
Internet usage, etc., or are these separate and the security policy itself is
just an overview?
|
|
| > |
Security policies are actually very flexible documents. Your security
policy can be one large document that incorporates an e-mail policy, an
Internet Usage policy, an Acceptable Use policy, etc. You can also break
each of these topics out into its own policy. I prefer to break policies
out into individual sections and have one summary document. I feel end
users approach the concept of security policies much more positively
that way. Instead of handing them a 100 page document to read, they get
a bunch of smaller documents.
For more information on this topic, visit these other SearchSecurity.com resources:
Security Policies Tip: Issues to cover in a security policy
Best Web Links: Security Policy & Infrastructure
Chat Transcript: Security policies in the workplace
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
