A security policy is basically a plan outlining and identifying the company's critical assets. The policy states in writing how these critical assets must and will be protected. The main purpose is to provide staff with a brief overview of the acceptable use of any of the information assets, as well as to explain in detail what is deemed as allowable and what is not. By doing this, you are engaging the staff in the securing of the company's critical systems.
The security policy document acts as a mandatory source of information for everyone using the systems and resources that have been defined as potential targets. A well-developed policy should address the following elements:
How will sensitive information be handled?
How will IDs and passwords be properly maintained?
How will the company respond to a potential security incident, such as intrusion attempts, spam, and so on?
How will the workstations and Internet connectivity be used in a secure manner?
How will the corporate e-mail be properly used and enforced?
Outline a security policy for GCI that addresses the above topics in a Word document of 3-5 pages (excluding title and reference pages).