Security Policies

Besides the technical controls listed above, organizations also need to

implement security policies as a form of administrative control. In fact,

Don't use plagiarized sources. Get Your Custom Essay on
Security Policies
Just from $13/Page
Order Essay

these policies should really be a starting point in developing an overall

security plan. A good information‐security policy lays out the guidelines

for employee use of the information resources of the company and

provides the company recourse in case an employee violates a policy.

According to the SANS Institute, a good policy is “a formal, brief, and

high‐level statement or plan that embraces an organization’s general

beliefs, goals, objectives, and acceptable procedures for a specified

subject area.” Policies require compliance; failure to comply with a policy

will result in disciplinary action. A policy does not lay out the specific

technical details, instead it focuses on the desired results. A security

policy should be based on the guiding principles of confidentiality,

integrity, and availability.


and taste our undisputed quality.