Tools for Crafting Security Policies

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

One of the first things an employee is handed when he or she walks in the office for the first day on the job is an employee handbook. In addition to rights and responsibilities, this guide usually contains a lengthy number of policies. Hopefully, some of those policies involve computer security. If not, it's time to incorporate it into employee policies.


IT Business Edge partner The Computer Guy contributed an extensive document to the Knowledge Network that gives users a look at what a typical policy might look like. The documentSample Network Security Policy focuses on a wide array of topics including passwords, physical security, usage, backups, e-mail, viruses and good working habits.


This sample policy targets first and foremost on passwords. A portion of the policy regarding passwords reads as follows:


Passwords for all systems are subject to the following rules:

  • No passwords are to be spoken, written, e-mailed, hinted at, shared, or in any way known to anyone other than the user involved. This includes supervisors and personal assistants.
  • No passwords are to be shared in order to "cover" for someone out of the office. Contact IT, and it will gladly create a temporary account if there are resources you need to access.
  • Passwords are not to be displayed or concealed on your workspace.


Another primary focus of many computer policies, and a concern for many businesses, is usage. This sample policy addresses proper use and misuse of company computers:


Violations of Internet and e-mail use include, but are not limited to, accessing, downloading, uploading, saving, receiving, or sending material that includes sexually explicit content or other material using vulgar, sexist, racist, threatening, violent, or defamatory language. Users should not use services to disclose corporate information without prior authorization. Gambling and illegal activities are not to be conducted on company resources.


Protecting Your Passwords addresses the importance of creating an effective password; a solid policy should provide information about a strong password, such as not using personal information and combining numbers and letters in the password.


One of the issues many companies can face is the compromising of passwords from an internal threat.


Another Knowledge Network document provides security tips by focusing on the end user.


For the latest Knowledge Network updates, follow us on Twitter.