Cover Your IT Assets: Create Security Policies

John Storts
Slide Show

8 Elements of Complete Vulnerability Management

Eight essential elements to help reduce your vulnerability to hackers.

The federal government's efforts to implement cyber security policies may be hampered by political wrangling and bureaucratic red tape, but that doesn't mean that you can take a leisurely pace when it comes to protecting your organization's IT assets and sensitive information. Hackers, phishers, cyber terrorists and other criminal coders certainly aren't breaking stride.


Good security policies can lessen the risks posed by these bad actors. The first step to providing protection is to create a high-level policy that defines your company stance and designates a security team to hammer out security measures and procedures.


To offer an example of how one government agency handles this, the City and County of San Francisco Committee on Information Technology (COIT) created a security policy to inform users, staff and managers of their responsibilities, obligations and requirements to protect information technology and assets. Rather than delving immediately into the nuts and bolts of techniques, this policy lays the foundation upon which specifics can be developed by requiring:

  • Establishment of an IT security working group.
  • Development of a comprehensive security framework.
  • Adoption of a risk assessment policy.
  • Implementation of security budget guidelines.


If your organization is on the ground level when it comes to security policy, then this example contributed by San Francisco's COIT gives you a solid entry point.


These Knowledge Network resources can provide additional help:

Network Security Policy for Portable Computers

Colorado State University Information Technology Security Policy

Information Security for End Users

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.