Information security policies

From Wikipedia, the free encyclopedia

Information security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.

Written information security policy documents are also a formal declaration of management's intent to protect information, and are required for compliance with various security and privacy regulations. Organizations that require audits of their internal systems for compliance with various regulations will often use information security policies as the reference for the audit.

[edit] See also

[edit] External links

The SANS Security Policy Project provides a set of sample information security policy documents.
Information Security Policies the complete RUsecure security policy definition document.

Categories: Data security

Views

Interaction

Search

This page was last modified 07:43, 27 March 2008 by Anonymous user(s) of Wikipedia. Based on work by Wikipedia user(s) Kuru, DJ Lineman, ReeseM, Zidane tribal, GlenPeterson, Scarykitty and Alaibot.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
About Wikipedia
Disclaimers