Security policies–where to start


If you tell IT managers they need to create a formal, written security policy for their company (many small- and mid-sized companies don’t have one) what’s the first thing they’ll say in response?



“Can you show me a template I can use to create one?”


That’s wrong thinking. You don’t want to create your security policy based on some general set of principles abstracted from companies in various business sectors. Instead, you want to base your security policy on your own company’s needs and nothing else. What information assets does your company have that need protecting? What risks do these assets realistically face? Prioritize your assets according to value and risks according to likelihood. Then create a policy that addresses each risk appropriately.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top