Author Archives: David Lineman

Security Policies to implement the DSD Top 35

In July 2011, the Australian Defence Signals Directorate (DSD) published an updated list of their [...]

Does my organization need information security policies?

In general, every business should have some number of information security policies.  For example, any [...]

Aren’t information security policies only for large organizations?

Regardless of an organization’s size, industry, geographical location, or the extent to which it uses [...]

Who should develop information security policies?

Ideally, information security policies should be developed by a small team.  While there are no [...]

How do we develop information security policies?

There are many excellent references with detailed instructions on how to develop information security policies.  [...]

How often should we update information security policies?

A good rule of thumb is this:  Information security policy documents should be updated at [...]

What is the difference between security policies, standards and procedures?

Sometimes the nomenclature used to define information security policies and related documentation can be confusing.  [...]

Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups [...]

What are information security policies?

Information security policies are a special type of documented business rule that provides instructions for [...]