Information Security For Business

How Do I Develop My Security Policy?

The Security Policy provides an opportunity for top management to set a clear direction and demonstrate their support for and commitment to Information Security.

It should complement the organisation’s ‘mission’ statement and reflect the desire of the business to operate in a controlled and secure manner.

As a minimum, the Security Policy should include guidance on the following areas:

  • The importance of information security to the business process.
  • A statement from top management supporting the goals and principles of information security.
  • Specific statements indicating minimum standards and compliance requirements for:
    • Legal, regulatory and contractual obligations.
    • Security awareness and educational requirements.
    • Virus prevention and detection.
    • Business continuity planning.
  • Definitions of responsibilities and accountabilities for information security.
  • Details of the process for reporting suspected security incidents.

Read the next part of the Information Security for Business guide – How Do I Provide Security Solutions?
