

Information Security Policy

 

Information Security Policy is an organisational document usually ratified by senior management and distributed throughout an organisation to anyone with access rights to the organisation's IT systems or information resources.

The Information Security Policy aims to reduce the risk of, and minimise the effect (or cost) of, security incidents. It establishes the ground rules under which the organisation should operate its information systems. The formation of the Information Security Policy will be driven by many factors, a key one of which is risk. How much risk is the organisation willing and able to take?

The individual Information Security Policies should each be observed by personnel and contractors alike. Some policies will be observed only by persons with a specific job function, e.g. the System Administrator; other Policies will be complied with by all members of staff.

Compliance with the organisation's Information Security Policy should be incorporated into both employees' Terms and Conditions of Employment and their Job Descriptions.


*** The Information Security Glossary ***

This Glossary forms part of the RUsecure Security Policy Suite... visit RUsecure Security Policy World
Use of the guidance contained within RUsecure™ is subject to the End User Licence Agreement