A well-written security policy will clearly define the limits of computing infrastructure to the end users. Security policies should be simple and to the point.
- Research any computer security threat or a recent attack. Select one element of the threat or attack (e.g., “Complex Passwords”).
- Write a security policy for your selected element. The scope of this policy should be issue specific.
- Your policy at a minimum should include a title, purpose of the policy, scope, details of the policy, compliance, author, and review date.
- Your policy should be no longer than 500 words and written using an industry standard policy format.