Information security policy documents

An information security policy document contains written statements of how an organization intends to protect information. Written information security policy documents are required for compliance with various security and privacy regulations, such as HIPAA, GLBA and the Sarbanes-Oxley Act.

Elements of an information security policy document

An ideal information security policy document should contain the following elements:

1. Title - Brief description of the document.
2. Number - A number or unique identifier for the policy document.
3. Author - The author of the document.
4. Publish Date - The date the policy was officially approved.
5. Scope - Describes the organizational scope that this policy applies to.
6. Policy Text - The written policies.
7. Sanctions - Provides information on violations of the written policy.
8. Sponsor - The executive sponsor of the policy document.

Types of information security policy documents

* Mobile Computer Policy
* Firewall Policy
* Electronic Mail Policy
* Data Classification Policy
* Network Security Policy
* Internet Acceptable Use Policy
* Password Policy

See also

* Remote Access Policy

External links

* [http://www.sans.org/resources/policies/ The SANS Security Policy Project] provides a free collection of policies and policy templates.


Wikimedia Foundation. 2010.
