Creating Security Policies

Security policies provide the road map for how to protect your network. These guidelines include the acceptable use of technical resources, the security requirements and why a particular policy exists. Without the clear guidelines from a security policy, your library runs the risk of inconsistent implementation of security. The process of creating a security policy provides a unique opportunity to understand the details of your organization’s network.

Why Create Security Policies?

  • Linking network security to your library’s mission. Closing every security loophole and blocking every vector of attack would likely render your network unusable for patrons. Finding the right balance between accessibility and security requires a conversation about the library’s mission and audience.
  • Consistent implementation. A security policy minimizes the risks created by an inconsistent application of security principles.
  • Buy wisely. A security policy can guide your technology purchases.
  • React and recover. A security policy will outline the steps needed to respond to a breach in security or critical system failure.

Key Actions

  • Assemble the appropriate team. Security policies impact every aspect of an organization. Network security involves rather technical subject matter. However, policy­-makers, budgeting, end-­users and technical experts all must be included. By involving the appropriate cross-­section of the organization, the proper security team increases the transparency and understanding of the decision­-making process.
  • Incorporate the overall mission and goals of the library. The security policy must abide by existing policies, rules and regulations, as well as promote the overall mission. Any existing computer use policies should be included.
  • Utilize a policy template. Find an existing security policy for your library, or search for a library with similar needs and ask to see a copy of their security policy. There are also many security policy templates available online.

Further Resources

For additional resources on the topic of creating security policies, check out the Further Resources section.