Quick policy checklist

By Kevin Beaver, CISSP
Here's a quick checklist you can run through with your existing or new policy to help make sure you're on the right track:

How long is your policy document? Two or three pages at most are usually more than enough to cover the issues at hand.
Does the roles and responsibilities section contain more than just IT personnel? It should -- policies are a management issue, not just an IT or security issue.
Has your policy been customized to your organization's needs based on e-mail usage, known vulnerabilities, etc.?
If you hand your policy document to a middle- or even elementary-school student, could he or she repeat back to you what it says? Policies should be easy to read and understand.
Does your policy state, "this is how we do it here"?
Would an average adult say that your policy is reasonable and realistic?

Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic, LLC, where he specializes in information security assessments for those who take security seriously and incident response for those who don't. He is author and co-author of several information security books including The Definitive Guide to E-mail Management and Security (, Hacking For Dummies (Wiley), and the upcoming Hacking Wireless Networks For Dummies. Kevin can be reached at kbeaver @

This was first published in March 2005
