Information security policies
- Information security policies
Information security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.
Written information security policy documents are also a formal declaration of management's intent to protect information, and are required for compliance with various security and privacy regulations. Organizations that require audits of their internal systems for compliance with various regulations will often use information security policies as the reference for the audit.
See also
*Business process management
*computer security policy
* Information security
*information security standards
*security policy
External links
* [http://www.sans.org/resources/policies/ The SANS Security Policy Project] provides a set of sample information security policy documents.
* [http://www.yourwindow.to/security-policies Information Security Policies] the complete RUsecure security policy definition document.
Wikimedia Foundation.
2010.
Look at other dictionaries:
Information security — Components: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are decomposed in three main portions, hardware, software and communications with the purpose to identify and apply information security… … Wikipedia
Information security standards — The term standard is sometimes used within the context of information security policies to distinguish between written policies, standards and procedures. Organizations should maintain all three levels of documentation to help secure their… … Wikipedia
Information security audit — An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple type of audits, multiple objectives for different audits, etc. Most… … Wikipedia
Information security policy documents — An information security policy document contains the written statements for how an organization intends to protect information. Written information security policy documents are required for compliance with various security and privacy… … Wikipedia
Information Security Oversight Office — The Information Security Oversight Office (ISOO) is responsible to the President of the United States for policy and oversight of the Government wide security classification system and the National Industrial Security Program. Its authority… … Wikipedia
Information security management system — An Information Security Management System (ISMS) is, as the name suggests, a set of policies concerned with information security management. The idiom arises primarily out of ISO/IEC 27001.The key concept of ISMS is for an organization to design … Wikipedia
Security controls — are safeguards or countermeasures to avoid, counteract or minimize security risks. To help review or design security controls, they can be classified by several criteria, for example according to the time that they act, relative to a security… … Wikipedia
Enterprise Information Security Architecture — (EISA) is a part of enterprise architecture focusing on information security throughout the enterprise. Definition Enterprise Information Security Architecture (EISA) is the practice of applying a comprehensive and rigorous method for describing… … Wikipedia
Chief information security officer — A chief information security officer (CISO) is the senior level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The… … Wikipedia
Security level management — (SLM) comprises a quality assurance system for electronic information security. The aim of SLM is to display the IT security status transparently across a company at any time, and to make IT security a measurable quantity. Transparency and… … Wikipedia
