Quiz Entry - updated: 2026.06.04
For which topics are Issue-Specific Security Policies typically written?
For every recurring usage question where the company needs a stated position — from internet and e-mail use to personal devices and hacking prohibitions.
The classic catalog:
- Use of company-owned networks and the Internet
- Use of telecommunications technologies (fax and phone)
- Use of electronic mail
- Minimum configurations of computers to defend against worms and viruses
- Prohibitions against hacking or testing the organization's security controls
- Home use of company-owned equipment
- Use of personal equipment on company networks (BYOD!)
- Use of photocopy equipment (today: printers/scanners — think data leakage through device memory and unattended printouts)
The common thread: each topic is (1) relevant to many employees, (2) a genuine risk area, and (3) something where "common sense" produces inconsistent answers — exactly when a written position pays off.
Tip: "Prohibitions against testing security controls" protects both sides: employees know pentesting needs authorization, and the company keeps a clean legal basis for sanctions.