How to Write an Information Security Policy

16.06.2009

Drucken |  Versand |  PDF

This does not mean that the associated information protection goals should be removed from the Information Security Program. It just means that not all security strategy can be documented at the policy level of executive mandate. As the Information Security Program matures, the policy can be updated, but policy updates should not be necessary to gain incremental improvements in security. Additional consensus may be continuously improved using other types of Information Security Program documents.

Supplementary documents to consider are:

-- Descriptions of security responsibilities executed by departments other than the security group. For example, technology development departments may be tasked with testing for security vulnerabilities prior to deploying code and human resources departments may be tasked with keeping accurate lists of current employees and contractors.

-- Descriptions of technical configuration parameters and associated values that have been determined to ensure that management can control access to electronic information assets.

- Workflows demonstrating how security functions performed by different departments combine to ensure secure information-handling.

zurueck
Seite: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
weiter
Newsletter von CIO.de
Exklusiv
Exklusiv Blackberry
Wirtschaftsmeldungen
Karriere
Security
Dynamic IT
Healthcare IT
Whitepaper
IT-Berater
Retail-IT
Finance-Forum
SAP

UMFRAGE
Kommt der Verkaufsstart über Online-Shops mit einem Basissortiment von 2500 Artikeln für den Media Markt noch rechtzeitig?
Ja, der starke Markenname wird den Erfolg bringen.
Ja, aber nur wenn das gesamte Sortiment angeboten wird.
Nein, der Zug ist gegenüber der Konkurrenz abgefahren.
Ich bin unentschieden.
» Abstimmen

SERVICE
newsletter » Newsletter xml » RSS-Feed
iGoogle » iGoogle newsletter » News-Feed