Key Elements of an Information Security Policy

1. Introduction

An information security policy is a set of rules enacted by an organization to ensure that all users of networks or the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries over which the organization stretches its authority.

An information security policy governs the protection of information, which is one of the many assets a corporation needs to protect. We will discuss some of the most important aspects a person should take into account when contemplating developing an information security policy.

Thinking logically, one would say that a policy should be as broad as the creators want it to be: basically, everything from A to Z in terms of IT security. For that reason, we will be emphasizing a few key elements. However, you should note that organizations have liberty of thought when creating their own guidelines.

2. Elements of an information security policy

2.1 Purpose

Institutions create information security policies for a variety of reasons:

  • To establish a general approach to information security.
  • To detect and forestall the compromise of information security, such as misuse of data, networks, computer systems and applications.
  • To protect the reputation of the company with respect to its ethical and legal responsibilities.
  • To observe the rights of the customers. Providing effective mechanisms for responding to complaints and queries concerning real or perceived non-compliances with the policy is one way to achieve this objective.

2.2 Scope

An information security policy should address all data, programs, systems, facilities, other tech infrastructure, users of technology and third parties in (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/pzZMCEegf7Q/