The Role of Information Security Policy

Topics: Information security, Security, Computer security Pages: 4 (1099 words) Published: February 9, 2013

The failure of organizations to implement a comprehensive and robust information security program can mean untimely demise for some and costly setbacks for others. At the heart of information security is security policy. Without security policy there can be no security program. Without people, security policies would not exist: they would not be written, implemented, or enforced. Security policies and the adoption of standards provide many benefits, as discussed in this paper. The paper also discusses how information in systems often falls under different classifications that reflect its degree of sensitivity, and how this relates to an organization’s security policy.

1.0 Security Policy and Standards

1.1 Defining Information Security Policy
Conklin et al. (2012, “Information Security Policy”) state, “policy is the essential foundation of an effective security program,” and “the centrality of information security policies to virtually everything that happens in the information security field is increasingly evident.” Webopedia.com defines security policy as “a document that outlines the rules, laws, and practices for computer network access” (2013, “Security Policy”). The document regulates how an organization will manage, protect, and distribute its sensitive information. Information security policy addresses many issues, such as the following: disclosure, integrity, and availability concerns; who may access what information in what manner; maximized sharing versus least privilege; separation of duties; and who controls and who owns the information.

1.2 Defining Information Security Standards
Standards are recommended or imposed practices that should or must be followed. The businessdictionary.com website (2013, “Standards”) defines standards as “written definition, limit, or rule, approved and monitored for compliance by an authoritative agency or...