Establishing an Information Security Policy
The information security policy can be a single document stating what is and is not acceptable concerning what information can be divulged to whom. It may also be a collection of policy documents. The purpose of the information security policy is to protect you and your business from harm caused by the actions of employees, contractors, customers, and others who violate the rules.
Following are the particular policy areas examined in this section:
- Overall information security policy
- Internet use
- Remote access
- Acceptable e-mail use
- Instant messaging
- Social media network use
Although this list of examined topics is not exhaustive, it's meant to get you started on the proper path. This section covers a basic framework for your information security policy. Take the time to discuss the information presented in this chapter with your staff as it relates to your business and technical needs.
To begin, let's start with the overall information security policy.
General Information Security Policy
The primary document you will create is the information security policy. This document is typically delivered to employees for acknowledgment and signature. Its scope covers the use of the company's information resources.
The policy should be updated from time to time as your technology needs change. It's important that the employees read the policy document and acknowledge an understanding of its contents by signature.
This type of document typically ...
Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.