Call Us: 888 641 0500
27
JAN
2011

Aren’t information security policies only for large organizations?

Regardless of an organization’s size, industry, geographical location, or the extent to which it uses computers; information security is an important matter that should be addressed by explicit policies. Some experts say that the lack of a well-defined corporate information...
25
JAN
2011

How do we develop information security policies?

There are many excellent references with detailed instructions on how to develop information security policies.  For example, Information Security Policies Made Easy (ISPME) has a detailed, step-by-step guide written by Charles Cresson Wood. In general, the process involves five...
24
JAN
2011

How often should we update information security policies?

A good rule of thumb is this:  Information security policy documents should be updated at least once a year, or whenever a major change occurs in the business that would impact the risk of the organization.  Examples of these changes could be a merger, a new product or line of...
20
JAN
2011

What is the difference between security policies, standards and procedures?

Sometimes the nomenclature used to define information security policies and related documentation can be confusing.  Much of that confusion comes from the fact that the information security industry often uses these terms interchangeably.   At Information Shield, we adopt the...
20
JAN
2011

Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups of people inside, and in some cases, outside the organization.   For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail...
20
JAN
2011

What are information security policies?

Information security policies are a special type of documented business rule that provide instructions for how the organization will protect information assets.  Policies are high-level statements that provide guidance to workers who must make present and future decisions.  For...