Information Security Policies and Electronic Policies

In the previous section, it is suggested that more than one document is necessary to communicate and implement security in your organization. One of those documents is an e-policy document. E-policies translate information security policies into specific, measurable objectives for your IT staff. Table 18-1 provides some examples.

Table 18-1. E-Policy Examples

Information security policy

Electronic policy

Administrative and service account passwords must never be in a readable form outside the servers or a physically secure environment.

Administrative and service account passwords can never be written down unless such documentation is secured in the IT vault. Passwords can be read and communicated ...

Get Microsoft® Exchange Server 2007 Administrator's Companion now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.