Tools for Crafting Security Policies

Patrick Avery

One of the first things an employee is handed when he or she walks into the office on the first day of the job is an employee handbook. In addition to rights and responsibilities, this guide usually contains a lengthy list of policies. Hopefully, some of those policies involve computer security. If not, it's time to incorporate computer security into employee policies.


IT Business Edge partner The Computer Guy contributed an extensive document to the Knowledge Network that gives users a look at what a typical policy might look like. The document, Sample Network Security Policy, focuses on a wide array of topics including passwords, physical security, usage, backups, e-mail, viruses and good working habits.


This sample policy focuses first and foremost on passwords. A portion of the policy regarding passwords reads as follows:


Passwords for all systems are subject to the following rules:

  • No passwords are to be spoken, written, e-mailed, hinted at, shared, or in any way known to anyone other than the user involved. This includes supervisors and personal assistants.
  • No passwords are to be shared in order to "cover" for someone out of the office. Contact IT, and it will gladly create a temporary account if there are resources you need to access.
  • Passwords are not to be displayed or concealed on your workspace.


Another primary focus of many computer policies, and a concern for many businesses, is usage. This sample policy addresses proper use and misuse of company computers:


Violations of Internet and e-mail use include, but are not limited to, accessing, downloading, uploading, saving, receiving, or sending material that includes sexually explicit content or other material using vulgar, sexist, racist, threatening, violent, or defamatory language. Users should not use services to disclose corporate information without prior authorization. Gambling and illegal activities are not to be conducted on company resources.


Protecting Your Passwords addresses the importance of creating an effective password. A solid policy should explain what makes a password strong, such as not using personal information and combining numbers and letters in the password.


One issue many companies face is the compromise of passwords by an internal threat.


Another Knowledge Network document provides security tips by focusing on the end user.


Feb 26, 2009 4:50 AM Jay Eckhaus says:

The importance of computer, network and internet security policies cannot be overemphasized.  Coupled with such a policy should be a policy informing employees of the Employer's right to monitor computers, the network, email, internet, mail and telephone usage.

Many employees incorrectly assume that they have an absolute right of privacy when using company property. A properly written policy on monitoring the workplace is an important ingredient of security policies. Monitoring policies must also comply with both federal and state law, as with all policies contained in an employee handbook.

May 20, 2009 11:56 AM michaelkylner says: in response to Jay Eckhaus

I do agree with you in this regard. An employee handbook would help the company to easily communicate the company policies and legal legislations to their employees and get the acceptance for the same.

