  
|
|
|
|
Information Security Policy
Information Security Policy is an organisational document usually ratified by senior management and distributed throughout an organisation to anyone with access rights to the organisation's IT systems or information resources. The Information Security Policy aims to reduce the risk of, and minimise the effect (or cost) of, security incidents. It establishes the ground rules under which the organisation should operate its information systems. The formation of the Information Security Policy will be driven by many factors, a key one of which is risk. How much risk is the organisation willing and able to take? The individual Information Security Policies should each be observed by personnel and contractors alike. Some policies will be observed only by persons with a specific job function, e.g. the System Administrator; other Policies will be complied with by all members of staff. Compliance with the organisation's Information Security Policy should be a incorporated with both the Terms and Conditions of Employment and also their Job Description.
|
|
|
|
| 
|
|
|
This Glossary forms part of the RUsecure Security Policy Suite... visit
|
|
Use of the guidance contained within RUsecure™ is subject to the
|
|
|
See also the
|
This site created with
|
