From the course: Cert Prep: ISC2 Certified in Cybersecurity (CC)
Unlock this course with a free trial
Join today to access over 24,000 courses taught by industry experts.
Best practice security policies
From the course: Cert Prep: ISC2 Certified in Cybersecurity (CC)
Best practice security policies
- Now that you understand the different types of documents that we create as part of the security policy framework, let's spend some time discussing the content of those policies. Every organization is going to need a different set of security policies, but there are some common themes found in most organizations. First, most organizations have an acceptable use policy, or AUP. The purpose of the AUP is to describe what users are permitted to do with the organization's technology assets, and what's prohibited. For example, AUPs often address whether personal use of computers and systems is permitted, and how much personal use is considered acceptable. The AUP also normally contains language that tells users that they may not attempt to access information or systems that they aren't authorized to access and the consequences that will occur if they violate the policy. Data handling policies describe the security…