A network security policy:

  • must be comprehensive
  • must allow each department proper access

For example, a security policy might allow Sales personnel to browse the Internet, but not allow downloading of files using ftp.