This policy, a necessary part of an organization’s security strategy, outlines intranet and internet security procedures for responding to new risks and threats.
In this sample, the company is responsible for properly securing the data maintained in and transmitted by its computing systems and telecommunication networks. The computer networks introduce new resources and new services through intranet and internet connectivity. This connectivity not only results in new capabilities, but also in new risks and threats. The scope of this policy includes security threats, management controls required for access security, information confidentiality and protection, expectation of privacy, contacts for security issues and questions, etc.