How to Draft Effective Security Policies

By: Absolute Team | 4/16/2010

Michael Overly of CSO Online put together a fantastic point-by-point explanation of how to draft more effective security policies.

It's a quick and dirty summation of key points you should consider in your policy creation process. In brief, they include:

  • The policy should be understandable by all
  • The policy should explain why it is important, and why everyone in the company considers it so
  • The policy should lay out repercussions for failure to comply
  • Employees should sign the policy
  • The policy should be reviewed and updated often

Do you have an effective security policy?

To continue with this topic, the FTC also put together a list of 5 key issues your data security plan should address (see the tutorial on their website). This plan covers only data security, not a comprehensive security policy, but since it is a related topic, I thought I'd also share their tips!

  1. Awareness: What data is being stored? Where?
  2. Minimize: Only keep data you need.
  3. Secure: Assess your risks and security options.
  4. Trash it: Delete info periodically.
  5. Make a plan: For a data breach & how to deal with it.
