Discover Network Security News
Network documentation must include a security operations guide
The end user security guide is by far the simpler of the two documents. The first company that I saw publish an end user security guide was a large insurance company. It compiled guides that were 10 to 15 pages long. Each of these guides explained exactly what was expected of employees when it came to security. The employees were then required to sign a form saying that they had received a copy of this guide before they were given a user name and password. Although I think this company had the right idea, the guides had small print and a lot of legal mumbo jumbo, and were very hard to read. The company may have kept the lawyers happy, but I doubt many employees actually took the time to read and try to understand the guide.