Once the security policy is established, reviewed as needed,
and approved by the highest levels in the company, it should be clearly
communicated to all users, network staff, and management. Remember, this
employee training is the only opportunity to express the importance of
the effort, the seriousness of the company's commitment, and the need for their
active participation. Each person should be able to retain for future reference
any appropriate sections, including at least the AUP.

Having all personnel sign a statement that indicates they’ve
read, understood, and agreed to abide by the policy is common practice and
logical. Note that this signing is of questionable value in protecting the company's
resources if the policies aren’t explained or treated with respect by
management. The last security policy I signed was a modified distribution list
attached to a stack of papers passed around a conference table. I remember
thinking that because virtually nobody read the attached document, it probably
wasn’t going to modify much existing behavior.