
What are the basic things that need to be explained to every employee about a security policy? At what point in their employment? Why?

Employees need to be made aware of, and adhere to, organisational security policies to support the prevention and detection of, and the response to, potential threats. Employees should understand the security policy's standards, procedures, baselines, and guidelines.


New employees should be trained on security policy as soon as possible, ideally prior to accessing the organisational network. If it is not possible for new employees to be fully trained immediately, then they should at least be made aware of key points within a starter pack or induction. It is critical that employees are informed of the seriousness of cybersecurity, and the potential consequences and damages if policies are not adhered to. On completion of training, employees should be certified after a brief assessment, to demonstrate they understand the organisational security policies. Existing employees should be required to periodically refresh their security policy training, for example, biannually or annually, dependent on the sensitivity of data handled.

Basic aspects of a security policy that should be explained to all employees include, but are not limited to:

Acceptable Usage Policy

Data Classification

Notes on this in lecture

Effective password management

Passwords are often the weakest link in a network. Employees must be taught how to create strong and effective passwords that are difficult to compromise. Simple or obvious passwords should be avoided, as should passwords that are merely a minor update of a previous password.
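The two rules in that paragraph (reject simple or obvious passwords, and reject trivial updates of a previous password) are easy to state but only bite if they are enforced at password-change time. The following Python is an added illustration, not part of the original essay: a small policy checker that rejects short candidates, candidates on a common-password list, low-entropy candidates, and candidates that are a minor variation of a previous password. The blocklist is a constructed stub, and the "stem" normalisation and edit-distance thresholds are this example's own assumptions rather than any standard; a real deployment would check against a large breached-password corpus instead of the handful listed here.

```python
import re
from typing import Optional

# Constructed stub blocklist for the example. A real check would use a large
# breached-password list (assumption: a k-anonymity lookup or local corpus).
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "letmein", "welcome", "admin",
}

MIN_LENGTH = 12          # assumed organisational minimum
MAX_NEAR_DISTANCE = 2    # assumed: edits within this distance count as "the same"

# Common symbol/digit substitutions undone during normalisation (assumption).
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _stem(pw: str) -> str:
    """Normalise so trivial edits map to one stem: lowercase, strip leading
    and trailing digits/punctuation (Summer2022! -> summer), undo leet."""
    s = pw.lower()
    s = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", s)
    return s.translate(_LEET)


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; strings are short so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(candidate: str, previous: Optional[list] = None) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    previous = previous or []

    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Catch both the literal common password and disguised forms (P@ssw0rd1234).
    if candidate.lower() in COMMON_PASSWORDS or _stem(candidate) in COMMON_PASSWORDS:
        problems.append("matches a common/breached password")

    if len(set(candidate.lower())) < 5:
        problems.append("too few distinct characters")

    for old in previous:
        if candidate == old:
            problems.append("reuses a previous password")
            break
        if (_stem(candidate) == _stem(old)
                or _edit_distance(candidate.lower(), old.lower()) <= MAX_NEAR_DISTANCE):
            problems.append("is a minor variation of a previous password")
            break

    return problems


if __name__ == "__main__":
    # Constructed demonstration inputs.
    for cand, hist in [("Summer2023!", ["Summer2022!"]),
                       ("P@ssw0rd1234", []),
                       ("correct-horse-battery-staple", [])]:
        print(cand, "->", check_password(cand, hist) or "accepted")
```

The stem comparison is what catches the "updated version of a previous password" case the essay warns about: Summer2022! and Summer2023! both normalise to summer, so the rotation is rejected even though the raw strings differ. Comparing against previous passwords requires keeping them (hashed, and only for this purpose), which is a design choice worth documenting in the policy itself.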

Backup and recovery/data management

How data should be stored, how data should not be stored etc.

Email Policy

Mobile Devices

Post-it notes with passwords, notebooks with sensitive information, memory pens, CDs, etc. containing company data.

Screens should be locked with a password whenever left unattended. Laptops, tablets, etc. should be secured with desk locks. When out of the office, devices should be kept on the person and shut down when not in use so that drive encryption takes effect.

Prevention of Scam and Fraud

Not opening unknown links, emails from unknown senders etc.


Information Classification

System Access



Software Licenses

Internet Use

Email Use

Physical Security, i.e. laptops locked away, Kensington locks, notebooks, post-its with passwords, etc.

Release of information to third parties

Acceptable usage

Device lockdowns, password management, encryption, anti-scam alertness, etc.
