Security policy

A security policy describes the level of security that an institution (authority, company, association, etc.) aims to achieve. Security here usually means information security. Today the focus is on electronic data processing and its associated security requirements. This rests on the assumption, or the fact, that information in itself has value or that its protection is required by law or regulation.

In the context of information security, the meaning and purpose of a security policy can be summed up as comprehensively guaranteeing the availability, integrity, confidentiality and authenticity (VIVA) of information. The security policy is therefore adopted and practised by the leadership of the institution; in a company, by the board or the management. All members of the institution must take note of it, understand it and observe it. Violators will be punished to the extent possible.

Content

A security policy defines the information security objectives chosen by the institution and the information security strategy it pursues. The main contents (not exhaustive) are:

  • Importance of information security and importance of IT (Information Technology) for the completion
  • Designation of the security objectives and description of the security strategy
  • Description of the organizational structure
  • Assurance that the security policy is enforced by the management level and that violations will be sanctioned as far as possible
  • Statements for the periodic review of the security measures
  • Statements about programs to promote information security through training and awareness measures (maintaining and promoting awareness)
  • Responsibilities in the information security process