April 16th, 2016 1:33 pm

Security Administration—The Importance of a Security Policy

A comprehensive security policy shouldn’t be limited only to your computer network. A good security policy encompasses a range of activities across your entire organization, including workstation configuration, logon procedures, and building access procedures.


Educate Users One of the biggest stumbling blocks to implementing your security policy is the users and their knowledge of security issues (or lack thereof). Many users consider security issues trivial or an unnecessary nuisance. Make sure you provide a reason for implementing each policy instead of simply requiring that users blindly follow them. Awareness training should be part of every formal security plan. It should be mandatory for new employees and repeated at regular intervals to cover new threats that emerge.

Understanding Security Policies

In its simplest form, a security policy is a single document (or more commonly, a set of related documents) that describes the security controls that govern an organization’s systems, behavior, and activities. At the highest level, security policies do not specify technologies or particular solutions. Instead, they seek to define a specific set of conditions to help protect a company’s assets and its ability to conduct business.

In fact, any good security policy must address the following concerns:

  • Prevent waste or inappropriate use of organization resources (especially computing resources).
  • Limit or eliminate potential legal liability, be it from employees or third parties.
  • Preserve and protect valuable, confidential, or proprietary information from unauthorized access or disclosure.

Any well-crafted security policy is enshrined in written form, and provides a way to instruct employees about what kinds of behavior or resource usage are required and acceptable, and what is forbidden and unacceptable. A security policy defines marching orders for IT staff and security professionals to help them enact access controls, authentication methods, and accounting techniques. A good security policy also provides information for rank and file employees as to how to help protect their employer’s assets and information, and provides guidelines as to acceptable (and unacceptable) practices and behavior.

Did you like this article? Share it with your friends!