Once an information security policy framework has been established and the decision to develop a new policy (or revise an existing one) is complete, the details of policy development can be addressed. For the purposes of a more complete and clear explanation, it is assumed that new policies will be developed rather than revising existing policies. For policy projects involving the revision of existing policies, the instructions and guidance presented here should be easily transferable to a policy revision project.

Information security policies represent the expectations of senior management as to how the overall security program, system controls, and user behavior should be implemented. These policies are ...

Get Information Security Policies, Procedures, and Standards now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.