Author Archives: David Lineman
Security Policies to implement the DSD Top 35
In July 2011, the Australian Defence Signals Directorate (DSD) published an updated list of their [...]
Does my organization need information security policies?
In general, every business should have some number of information security policies. For example, any [...]
Aren’t information security policies only for large organizations?
Regardless of an organization’s size, industry, geographical location, or the extent to which it uses [...]
Who should develop information security policies?
Ideally, information security policies should be developed by a small team. While there are no [...]
How do we develop information security policies?
There are many excellent references with detailed instructions on how to develop information security policies. [...]
How often should we update information security policies?
A good rule of thumb is this: Information security policy documents should be updated at [...]
What is the difference between security policies, standards and procedures?
Sometimes the nomenclature used to define information security policies and related documentation can be confusing. [...]
Who should read information security policies?
Security policies are generalized requirements that must be written down and communicated to certain groups [...]
What are information security policies?
Information security policies are a special type of documented business rule that provide instructions for [...]