What issues should a security policy address?
There are a number of issues a security policy should address; the most important is why there is a need for one to start with. Many people using computers as part of their daily duties are not aware of the security risks, although this is not as true as it was a few years ago. The security policy should then address simple working practices and procedures that can improve security and the company’s ability to recover from security events (e.g. backup schedules and business recovery plans). Followed by outlines for training and awareness programs that may be required. The policy needs to outline minimum standards for IT security within the organisation; for example specifications for anti-virus and firewall products, and the management, maintenance and upgrading of these products. A very important part of a security policy is specifying processes and procedures for dealing with security events (e.g. a virus infection or network ‘hack’). There should be clear guidelines and responsibili
