Developing Effective Information Systems Security Policies
Abstract

This paper takes a top-down approach and provides a high-level overview for developing effective information systems policies. The opening section describes the importance of management commitment. A management oversight committee is introduced as the primary team representing an organization for the purposes of implementing an information systems security program based on policy. A general outline for designing an effective information systems security policy is then proposed. Finally, the conditions necessary for effective policies are described.