There are many excellent references with detailed instructions on how to develop information security policies. For example, Information Security Policies Made Easy (ISPME) has a detailed, step-by-step guide written by Charles Cresson Wood. In general, the process involves five key steps: First, define what security policies you need to have, either from a regulatory requirement […]
Author Archives: David Lineman
A good rule of thumb is this: Information security policy documents should be updated at least once a year, or whenever a major change occurs in the business that would impact the risk of the organization. Examples of these changes could be a merger, a new product or line of business, a major downsizing or […]
Sometimes the nomenclature used to define information security policies and related documentation can be confusing. Much of that confusion comes from the fact that the information security industry often uses these terms interchangeably. At Information Shield, we adopt the following definitions that have proven effective over the years: Information Security Policies are high-level business rules […]
Security policies are generalized requirements that must be written down and communicated to certain groups of people inside, and in some cases, outside the organization. For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail would need to be read by every person with access to electronic mail. A […]
Information security policies are a special type of documented business rule that provide instructions for how the organization will protect information assets. Policies are high-level statements that provide guidance to workers who must make present and future decisions. For example, policies define not only what the organization will do today, but how it will respond […]
Reports from the last few months have generated another wake-up call for those concerned with the security of the nation’s critical infrastructure. In addition to audit reports of widespread vulnerabilities among agencies managing the infrastructure, the first malicious software was discovered “in the wild” that specifically targets the SCADA system employed to manage these networks. [...]
PolicyShield Security Policy Subscription Addresses Latest Risks of FAX/Printer/Copier Storage HOUSTON, Texas – October 27, 2010 - In response to the increasing risks to personal information left accidentally on multi-function office machines such as printers, FAX and copying machines, the FDIC recently issued new guidance to financial institutions on proper controls for managing these devices. [...]
In August of 2010, the social network IT Toolbox released their latest study on the use of mobile and social media technologies in the enterprise. The survey included over 2200 IT professionals from 109 different countries. One of the areas of the survey included questions about corporate guidance and security policies. While Social media use […]
Why I Love Information Security Policies Being a vendor of information security policy content is somewhat strange. Many times during the week we talk to folks who need to write security policies for their company. The story is often the same: They are staring at the long list of requirements (say from the ISO 27002 [...]
We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can customize. How to Create a Security Policy in 5 Minutes (or less)