Is it possible to declare some security policies as more critical than others? When it comes to protecting sensitive data, all security policies are important to reduce the risk of loss. However, when we look at risk mitigation from the perspective of stopping the latest attacks, some security controls rise to the top. In September […]
Tag Archives: developing security policies
Part 2 of 7: Seven Elements of an Effective Information Security Policy Management Program Effective Security Policies Part 2. Defined Policy Document Ownership Security Policies can be viewed as contract between senior management, employees and third-parties about the ways in which the organization will protect information. By definition, a contract is between parties, and in […]
How mature is your information security policy program? Do you have a set of outdated documents stored in a binder or intranet site? Or do you have a documented management program that keeps your policies up to date, your users informed and your internal auditors sleeping at night? This is the first article in the [...]
Some organizations still receive little management support or funding for a sound information security policy program. Within the last several years, however, numerous federal, state and international regulations have been passed that require the protection of information. Many organizations are now enhancing their information security policies in response to legal and regulatory requirements. In some […]