5 STEP SECURITY POLICY

This is the simplest approach to writing a security policy.

1. In words, describe what you need to service. (Servers, routers, databases, etc.)
2. Describe the group of people you need to service. (Deparment, management, users, etc)
3. Describe which service each group needs access to.
4. For each group describe how the service should be kept secure.
5. Write a statement making all other forms of access a violation.

WHOLA! your first piece of security police. Repeat this for all the services and groups. For recovery of a violation see Incident Response Team.