Put simply, a security operations guide is a document that clearly defines your network's security-related policies and procedures. Over the years, I've done security-related consulting for a number of organizations. In these real-world environments, I've always found that the organizations that seem to have the best security actually have two security operations guides. One of these guides is intended for the people who are actually in charge of security management. The other is intended for the end users.

The end user security guide is by far the simpler of the two documents. The first company that I saw publish an end user security guide was a large insurance company. It compiled guides that were 10 to 15 pages long. Each of these guides explained exactly what was expected of employees when it came to security. The employees were then required to sign a form saying that they had received a copy of this guide before they were given a user name and password. Although I think this company had the right idea, the guides had small print and a lot of legal mumbo jumbo, and were very hard to read. The company may have kept the lawyers happy, but I doubt many employees actually took the time to read and try to understand the guide.

The link for this article located at TechRepublic is no longer available.