![]() |
Request for Comment 2196, Site Security Handbook, defines a security policy as "a formal statement of rules by which people who are given access to an organization's technology and information assets must abide." For help in developing a security policy, refer to RFCs 2196 and 2504, which are available on the Web at www.ietf.org. Your policy is a living document; update it to reflect changes and review it at least every 3 years, even if there are no changes. |