Adsons

    How to Write an Information Security Policy

    Date17 Jun 2009
    11171
    Posted ByDave Wreski
    An Information Security Policy is the cornerstone of an Information Security Program. It should reflect the organization's objectives for security and the agreed upon management strategy for securing information. Here's a great article on how to implement one in the real-world and how to get management to buy in to your plan.

    In order to be useful in providing authority to execute the remainder of the Information Security Program, it must also be formally agreed upon by executive management. This means that, in order to compose an information security policy document, an organization has to have well-defined objectives for security and an agreed-upon management strategy for securing information. If there is debate over the content of the policy, then the debate will continue throughout subsequent attempts to enforce it, with the consequence that the Information Security Program itself will be dysfunctional.

    Printable version

    Comments powered by CComment

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200