Tag

A good rule of thumb is this:  Information security policy documents should be updated at least once a year, or whenever a major change occurs in the business that would impact the risk of the organization.  Examples of these changes could be a merger, a new product or line of...

Part 6. A Verified Audit Trail Security policy documents will not be effective unless they are read and understood by all members of the target audience intended for each document. For some documents, such as Internet Acceptable Use or Code of Conduct, the target audience is...

Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify...