Information Security Policy

Definition: Information Security Policy is a phrase that refers to a set of rules or requirements that govern how an organization can achieve the safe management of its digital resources and assets. The reason for adopting controlling statements is to provide a structure for assuring the confidentiality, integrity and availability of data resources for decision-making. Included in the imperatives for data assurance would be an asset inventory, a comprehensive risk assessment, appropriate use, encryption, incident response, safe work practices, change management, forensics, business continuity plans and more. There are a number of models to follow: COBIT, ISO 17799/27000 and FISMA.

Its Relevance: Organizations must acknowledge that they deploy critical computer and network infrastructure in an asymmetric threat environment. In addition, it is a basic fiduciary responsibility of an organization to assure the survival of the business or organization. To do otherwise is negligence. Should it be determined that an organization failed to practice due diligence, it might be found liable for losses.
