Nine Criteria of Good IT Security Policy

1. Specifying required security features

2. Defining “reasonable expectations” of privacy regarding such issues as monitoring people’s activities

3. Defining access rights and privileges and protecting assets from losses, disclosures, or damages by specifying acceptable use guidelines for users and also, providing guidelines for external communications (networks)

4. Defining responsibilities of all users

5. Establishing trust through an e. ective password policy

6. Specifying recovery procedures

7. Requiring violations to be recorded

8. Providing users with support information

9. Easy to be understood