6.1. What Policies Do You Need?
The Internet resources mentioned in the section "Getting Started: Standards and Web Resources," later in this chapter, illustrate that you can find a lot of different policy types available. The ones that you end up implementing depend on the type of business you're in and the specific security concerns for your organization. Just about every organization requires some types of policies, but some policies may be critical in one company but completely insignificant in another.
Depending on the specific needs of your company, you might have some, all, or none of these policies. Every organization is different, so make sure that before sitting down to address your policy needs, you first figure out the risks and goals of your company.
6.1.1. Acceptable use policy
One of the more commonly implemented policies in corporations today, this policy explains to end users the activities in which they can participate while using corporate assets and services. These assets and services might include a laptop or desktop computer, the company's e-mail and Internet access, specific software, and more. Many companies use the acceptable use policy as the primary communication vehicle for informing end users of what they can and can't do electronically while on company time or while using company assets or network resources.
6.1.2. Antivirus policy
An antivirus (AV) policy generally specifies that every machine should have an installed, running, and up-to-date ...