Six guidelines for a good IT security policy

1. It should announce that a top-level management steering group will be established to support the ISMS framework and periodically review the security policy.

2. It should outline the approach to risk management, the criteria against which risk will be evaluated, the structure of the risk assessment and who will be responsible for it.

3. It should briefly identify specific compliance requirements, such as contingency and business continuity plans, the need for data back-up, avoidance of viruses, access control to systems, and security incident reporting.

4. There should be a clear statement of the requirement that information security continue to be aligned to business goals and that the ISMS be subject to continuous improvement.

5. It should explain that all staff will receive security awareness training and that staff in specialist roles will receive additional, role-specific training.

6. It could formally state the commitment to comply with, and achieve certification to, ISO27001.
