Talk With an Expert

Information Security Policy - A Development Guide for Large and Small Companies

Information Security Policy - A Development Guide for Large and Small Companies (PDF, 2.01MB)Published: 02 Mar, 2004
Created by
Sorcha Diver

A security policy should fulfill many purposes. It should: protect people and information; set the rules for expected behaviour by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and authorize the consequences of violation; define the company consensus baseline stance on security; help minimize risk; and help track compliance with regulations and legislation.