The policy document covers Information Security at a corporate level to ensure the protection of all information assets under the corporation's control.

Large "P" policy vs small "p" policies (as covered on the home page): in many cases the word "policy" is overused in information security to refer not only to what should truly be a high-level statement but also to what are actually standards and guidelines. So, if you're looking for an information classification policy or an information asset profiling policy, refer to our standards section. If you want an information security labelling and handling policy or a threat risk assessment policy, refer to our guidelines section. In many cases you will find that one of our standards or guidelines covers what, from other suppliers, is a whole list of "policies".
A view of the Policy statement

2. Information Security Policy

Our Price: $US 16.95

This policy was developed in a real world environment and has been used over the last few years to drive the Information Security (IS) Program at a number of large corporations.

The files in this licensed set are:

  • Information Security Policy
  • Implications of the IS Policy

The policy document is purposefully short and to the point (2 pages); the policy statement is a couple of sentences that can be easily understood and remembered. This simple statement drives all activities within the corporation related to the security of information assets (paper or electronic). The applicability section of the policy defines the WHO (personnel) and the WHAT (all information) that are within the scope of the policy. The document also covers the conditions, requirements, and the roles and responsibilities dictated by the policy statement.

Since a policy usually requires approval at a CEO or board level it is written so it is unlikely to require updates. Additional details to implement the IS policy, which is where the changes usually occur, are in the supporting documentation: standards, guidelines, and procedures (see the tabs to the upper right). These supporting documents can be updated and approved at the CISO level as authorized in the policy.

In many cases a policy must be "sold" to upper management in a company and to the Board of Directors. The "Implications of the IS Policy" document (1 page) is included as a guideline to help present the implications to these groups.

Total size: 3 pages