Tag

4. Targeted User Groups Not all information security policies are appropriate for every role in the company. Therefore, written information security policy documents should be targeted to specific audiences with the organization. Ideally, these audiences should align with...

Part 3. Defined Management Structure To help keep information security policies readable and manageable, it is important to keep the information “level” consistent among the various document types. In other words, it is not advisable to mix policies, procedures, standards and...

Part 2 of 7: Seven Elements of an Effective Information Security Policy Management Program Effective Security Policies Part 2. Defined Policy Document Ownership Security Policies can be viewed as contract between senior management, employees and third-parties about the ways in...

Last month we discussed the security policy problems revealed within the department of Veteran’s Affairs (VA) in the wake of the highly public data breach, including the firing of two employees responsible for information security. Over the last month, employees at both AOL...