As simple as it sounds, different organizations need different types and levels of security. To effectively deliver security, you must set reasonable goals. Ask yourself the following questions before deciding how to proceed with your security and acceptable-use policies:
What is expected of your system/network? Are these expectations realistic?
What are the threats to your business? Your network?
What are your experiences with security incidents?
How important is the information you keep online?
Are your business requirements realistic?
Do you consider security when employing new systems or new employees?
The answers to these questions will help you choose the way forward. Try to set reasonable goals—goals ...