If you tell IT managers they need to create a formal, written security policy for their company (many small- and mid-sized companies don't have one) what's the first thing they'll say in response?
If you tell IT managers they need to create a formal, written security policy for their company (many small- and mid-sized companies don't have one) what's the first thing they'll say in response?
"Can you show me a template I can use to create one?"
That's wrong thinking. You don't want to create your security policy based on some general set of principles abstracted from companies in various business sectors. Instead, you want to base your security policy on your own company's needs and nothing else. What information assets does your company have that need protecting? What risks do these assets realistically face? Prioritize your assets according to value and risks according to likelihood. Then create a policy that addresses each risk appropriately.
About Mitch Tulloch
Mitch Tulloch was lead author for the Windows Vista Resource Kit from Microsoft Press, which is the book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. Mitch was also the author of Introducing Windows Server 2008 and technical project lead for the Microsoft Office Communications Server 2007 Resource Kit, both books also from Microsoft Press. For more information on these and other books by Mitch, see www.mtit.com .
Article not looking right or info is missing? Let us know so that we can fix it: .
