Professional Documents
Culture Documents
A security policy is a document or set of documents that
describes, at a high level, the security controls that will be
implemented by the company.
Policies are not technology specific and do three things for
an organization:
Reduce or eliminate legal liability to employees and third parties.
Protect confidential, proprietary information from theft, misuse,
unauthorized disclosure or modification.
Prevent waste of company computing resources.
Information Security Policies
There are two types of basic security policies:
Technical Security Policies:
Includes how technology should be configured and
used.
Administrative Security Policies:
Includes how people (both end users and
management) should behave / respond to security.
Information Security Policies
Below is the list of some of the security policies that an organization may have
Below is the list of some of the security policies that an organization may have
Encryption Policy How data are encrypted, the encryption methods used etc.