Organization of security policy

Members of Group activity-

Daljeet singh
Viraj
gaytri
 Overview/ introduction
A security policy is a document that states in writing how a company plans to protect its physical
and information technology (IT) assets. Security policies are living documents that are
continuously updated and changing as technologies, vulnerabilities and security requirements
change.
 Purpose
A security policy is a written document in an organization outlining how to protect the
organization from threats, including computer security threats, and how to handle situations
when they do occur. A security policy must identify all of a company's assets as well as all the
potential threats to those assets.
 Scope
A security policy (also called an information security policy or IT security policy) is a document
that spells out the rules, expectations, and overall approach that an organization uses to
maintain the confidentiality, integrity, and availability of its data. Security policies exist at many
different levels, from high-level constructs that describe an enterprise’s general security goals
and principles to documents addressing specific issues, such as remote access or Wi-Fi use.
 Policy
A security policy (also called an information security policy or IT security policy) is a document
that spells out the rules, expectations, and overall approach that an organization uses to
maintain the confidentiality, integrity, and availability of its data.
 Definition
A security policy is a document that states in writing how a company plans to protect its physical
and information technology (IT) assets. Security policies are living documents that are
continuously updated and changing as technologies, vulnerabilities and security requirements
change.
 Responsibility
An information security policy is a statement of what you do for information security, not how
you do it. How you do it is covered in processes documents. The information security policy is
shared with employees, customers, third parties, auditors and more to show your approach to
tackling information security. It includes some key elements such as management buy in,
security objectives, roles and responsibilities, monitoring and legal and regulatory obligations. It
is a straight forward document to write.
 Revision history
Develop a prioritized action plan that will help you organize your efforts. Prepare a summary
document of the impact that the information security policy or policies will have on the
institution
A document revision history table will save you a lot of headaches when it is time to send out
your document for review. Reviewers, especially in hi-tech companies, are very busy people.