How to Draft Effective Security Policies

Michael Overly of CSO Online put together a fantastic point-by-point explanation of how to draft more effective security policies.

It's a quick and dirty summation of key points you should consider in your policy creation process. In brief, they include:

• The policy should be understandable by all
• The policy should explain why it is important - and why all in the company consider it so
• The policy should lay out repercussions for failure to comply
• Employees should sign the policy
• The policy should be reviewed and updated often

Do you have an effective security policy?

To continue with this topic, the FTC also put together a list of 5 key issues your data security plan should address (see the tutorial on their website). This plan only talks about data security - not a comprehensive security policy - but since it was of a related topic, I thought I'd also share their tips!

1. Awareness: What data is being stored? Where?
2. Minimize: Only keep data you need.
3. Secure: Assess your risks and security options.
4. Trash it: Delete info periodically.
5. Make a plan: For a data breach & how to deal with it.

Here are some of our past posts on security policies:

• Policy Creation: Ask the Right Questions
• Document Retention Policy
• Mobile Data Management Policy
• Don’t Ignore Physical Data Management
• Security Policy Demonstration