This sample policy is designed to help organizations notify information system users about security policies, guidelines for acceptable use, and business risks or technological hazards.

In this sample, briefings should be concise and provide a clear outline of requirements; a combination of verbal and written security briefings is favored; newsletters and staff bulletins should include security articles, puzzles, competitions, quizzes, cartoons and case histories; reminder notices placed on computer screens, electronic mail and voicemail serve as useful reminders and should be changed frequently to retain impact; and analysis of incidents and risk assessments may be issued periodically.