Do you have an IT security policy? If so when was it last reviewed and does it cover you’re current working practices?
An IT security policy is a living document(s) and needs to reflect the systems and services that your company uses.
A security policy is important as it defines what you are securing, why you are securing it and by what methods.
Sample security policies can be downloaded from:
- Internet RFC – http://www.faqs.org/rfcs/rfc2196.html
- SANS – http://www.sans.org/security-resources/policies/
- UK HMG – http://www.cabinetoffice.gov.uk/spf.aspx