Need help with security policies.

[Gettin Phunky <phunkodelic () gmail com>]

I work for a mid size company with about 500 employees and run a
network of 200+ nodes.  I have thus far written a "general usage
policy" for all my users.  It entails general network usage, email
usage, hacking stuff (software, systems, hardware), and there general
IT rights.  It was written in terms of protecting the company form
legal issues and to inform the user of their system rights and what
will happen should those rights be violated.  It was reviewed and
signed off on by managment.  Now all employees who start employement
read it and sign it stating they have read and understand it.

With that being said I am looking at writing general polices for the
company and was wondering where to start.  What type of polices, what
framework (document template), and content should be included.  Is
what I have done already enough?  I don't want to go too deep as we
are only a medium size company with an IT department of three people,
but at the same time I feel we are lacking something

Any advice would be greatly appreciated

Thanks!