Category Archives: Security Policy FAQ

Aren’t information security policies only for large organizations?

Regardless of an organization’s size, industry, geographical location, or the extent to which it uses [...]

How do we develop information security policies?

There are many excellent references with detailed instructions on how to develop information security policies.  [...]

How often should we update information security policies?

A good rule of thumb is this:  Information security policy documents should be updated at [...]

What is the difference between security policies, standards and procedures?

Sometimes the nomenclature used to define information security policies and related documentation can be confusing.  [...]

Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups [...]

What are information security policies?

Information security policies are a special type of documented business rule that provides instructions for [...]