Information Security Policies

Information security policies are higher-level statements or rules that employees, contractors and third parties must follow to protect the organization's assets and information. Policies should be approved by management, published, reviewed annually, enforced, and communicated to personnel.

Information security policies are part of an effective information security program and should be owned by a dedicated security organization or role. To keep policies effective, the security organization should ensure they are reviewed annually and communicated in a way that supports the organization's business objectives.

Policies should also be kept aligned with regulatory requirements and changes, as well as with evolving threats. Because policies are higher-level rules, the organization should also develop supporting standards and procedures that document in more detail how each policy is to be met. Examples include Windows and UNIX platform hardening standards, patching procedures, access control processes, definitions of prohibited insecure protocols, approved encryption algorithms, and secure development processes, to name a few.
News Articles
OpenSSL to prenotify distros of severe security fixes (www.zdnet.com, 9/8/2014)
How SMB employees feel about their tech resources (www.zdnet.com, 12/20/2013)
Don't adapt old IT security policies for BYOD: IBM (www.zdnet.com, 7/30/2013)
The greatest violators of IT cloud security policies: top executives (www.zdnet.com, 1/3/2013)
New DOD Space Policy Addresses Safety, Security, Access (www.defense.gov, 11/21/2012)
Writing And Enforcing An Effective Employee Security Policy (www.darkreading.com, 11/16/2012)
The Elephant In The Security Monitoring Room (www.darkreading.com, 10/21/2012)
A False Sense Of Security (www.darkreading.com, 10/15/2012)