LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

For which topics are Issue-Specific Security Policies typically written?

For every recurring usage question where the company needs a stated position — from internet and e-mail use to personal devices and hacking prohibitions.

The classic catalog:

  • Use of company-owned networks and the Internet
  • Use of telecommunications technologies (fax and phone)
  • Use of electronic mail
  • Minimum configurations of computers to defend against worms and viruses
  • Prohibitions against hacking or testing the organization's security controls
  • Home use of company-owned equipment
  • Use of personal equipment on company networks (BYOD!)
  • Use of photocopy equipment (today: printers/scanners — think data leakage through device memory and unattended printouts)

The common thread: each topic is (1) relevant to many employees, (2) a genuine risk area, and (3) something where "common sense" produces inconsistent answers — exactly when a written position pays off.

Tip: "Prohibitions against testing security controls" protects both sides: employees know pentesting needs authorization, and the company keeps a clean legal basis for sanctions.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026