A security policy is the essential basis on which an effective and comprehensive security program can be developed.  This critical component is the primary way in which the agency security plan is translated into specific, measurable, and testable goals and objectives.

The security policies developed must establish a consistent notion of what is and what is not permitted with respect to control of access to your information resources.  They must bond with the business, technical, legal, and regulatory environment of your agency.

The following is a recommended outline of the components and characteristics of a security policy template.  A sample Acceptable Use Policy using this outline is attached for your reference as Appendix A.

Section 1 – Introduction:

A purpose should be stated in the introduction section.  This should provide the reader with a brief description of what this policy will state and why it is needed.  The security stance of your agency should be stated here.

Section 2 – Roles and Responsibilities:

It is important that the policy detail the specific responsibilities of each identifiable user population, including management, employees and residual parties. 

Section 3 – Policy Directives:

This section describes the specifics of the security policy.  It should provide sufficient information to guide the development and implementation of guidelines and specific security procedures.

Section 4 – Enforcement, Auditing, Reporting:

This section states what is considered a violation and the penalties for non-compliance. The violation of a policy usually implies an adverse action which needs to be enforced.

Section 5 – References:

This section lists all references mentioned in the policy, including agency standards, procedures, government code, and State Administrative Manual sections.

Section 6 – Control and Maintenance:

This section states the author and owner of the policy.  It also describes the conditions and process in which the policy will be reviewed.  A policy review should be performed at least on an annual basis to ensure that the policy is current.

"Looking for a Similar Assignment? Order now and Get 10% Discount! Use Code "Newclient"