CHAPTER 10: INFORMATION SECURITY POLICY

Chapter Overview

This chapter introduces the topic of security policies, explaining their importance and giving you a baseline from which to build a strong foundation. If you are looking to attain ISO27001 certification, then you will need to produce security policies to form your information security management system (ISMS). This chapter is not intended to advise you on how to achieve this level of maturity, but to give you an appreciation of why these policies exist and how they can be used to achieve your organisation’s goals and objectives.

It is important that security policies are created in line with the organisation’s culture; they should be an enabler, not a hindrance to staff. For example, if staff ...
