Dan Swall

Security policies and procedures are necessary this day and age primarily for monetary reasons. The monetary reasons encompass everything from everything from extortion, wasted resources and the ever popular lawsuits. System policies are installed in place to prevent employees from pissing away hours on ebay or sports websites while they suck down clock time, or installing resource wasting garbage like games, solitare and screensavers. Policies aren't entirely digital either; they can also describe how certail papers and reports are delivered and read around the workplace. Take TPS reports for example, they NEED clear coversheets or they might as well be a stack of blank paper. Clear cover sheets being required is a fine example of a policy. 

A good example of a procedure would be PTI's requirement to request to print jobs of more that 100 pages or to print color, wasting a piece of paper PER job to request to make a DRAFT of a color print, and then an additional useless form to make drafts after that and then a final print. This of course is an extreme use of procedure because even at a moderatley sized school like this, one student's tuition would be more than satisfactory to keep the school covered on colored toner for an easy two years. $40k buys a lot of color toner. A soft procedure would be only allowing logons during certail times in the work place. This facilitates good security because anybody that hacks or compromises the network during unorthodox times could not gain access to the network due to the logon being restricted. Another soft procedure would be to enable printer queues to prevent chaos when print jobs are sent through to the printer.