Users must be made aware of their responsibilities contained within the organisations security policies. The way in which the security policy is communicated is critical in determining its success. Many organisations publish their policy in the staff handbook, which is issued to staff when they join the organisation. Increasingly organisations also post their security policies to the corporate intranet where they can be easily accessed.
To improve the understanding of and compliance with the organisations security policies they need to be proactively communicated to staff. For policies to remain effective staff need reminding about them and their contents three or four times a year. This could be by email or raised at staff meetings.
A security policy summarising user responsibilities which is suitable for issuing to staff can be download below.
Security Policies © C.Stone 1996 - 2011