2

INFORMATION SECURITY POLICY BASICS

Information security policy is the general term referring to any document that conveys an element of the security program in order to enforce organizational security goals and objectives. Since this definition covers such a wide array of security policy documents, it is useful to describe the various types of information security policies that an organization may employ.

The terms used below to describe these information security policy types are in general use within the information security industry and will be used consistently throughout this chapter. However, it is not unusual for a specific organization or government agency to have alternative names for the same information security policy types. For ...

Get Information Security Policies, Procedures, and Standards now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.