A security policy is the essential foundation for an effective and comprehensive security program. A good security policy should be a high-level, brief, formalized statement of the security practices that management expects employees and other stakeholders to follow. A security policy should be concise and easy to understand so that everyone can follow the guidance set forth in it.

In its basic form, a security policy is a document that describes an organization’s security requirements. A security policy specifies what should be done, not how; nor does it specify technologies or specific solutions. The security policy defines a specific set of intentions and conditions that will help protect an organization’s assets and its ability to conduct business. It is important to plan an approach to policy development that is consistent, repeatable, and straightforward.