Category Archives: Security Policy FAQ
Aren’t information security policies only for large organizations?
Regardless of an organization’s size, industry, geographical location, or the extent to which it uses [...]
How do we develop information security policies?
There are many excellent references with detailed instructions on how to develop information security policies. [...]
How often should we update information security policies?
A good rule of thumb is this: Information security policy documents should be updated at [...]
What is the difference between security policies, standards and procedures?
Sometimes the nomenclature used to define information security policies and related documentation can be confusing. [...]
Who should read information security policies?
Security policies are generalized requirements that must be written down and communicated to certain groups [...]
What are information security policies?
Information security policies are a special type of documented business rule that provide instructions for [...]