Call Us: 888 641 0500
27
OCT
2014

Security Policies, Standards and Procedures: What’s the Difference?

One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature.   Even before writing the first line of a security policy, many organizations get dragged into lengthy discussions regarding the definitions and nuances of these...
11
JUL
2009

Effective Security Policy Management – Part 7

Part 7. A Written Exception Process It may be impossible for every part of the organization to follow all of the information security policies at all times. This is especially true if policies are developed by the legal or information security department without input from...
11
MAY
2009

Effective Security Policy Management – Part 5

Part 5. An Effective Date Range Written information security policies should have a defined “effective date” and “expiration” or “review” date. This is critical so that individuals and organizations know when they are subject to the rules outlined in the policy, and when they can...
11
APR
2009

Effective Security Policy Management – Part 4

4. Targeted User Groups Not all information security policies are appropriate for every role in the company. Therefore, written information security policy documents should be targeted to specific audiences with the organization. Ideally, these audiences should align with...
27
JAN
2009

Effective Security Policy Management – Part 1

How mature is your information security policy program? Do you have a set of outdated documents stored in a binder or intranet site? Or do you have a documented management program that keeps your policies up to date, your users informed and your internal auditors sleeping at...
11
JAN
2005

About Security Policy University

Security Policy University is blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security...