What Are Information Systems Security Policies?

Security policies are actually a collection of several documents. They generally start with a set of principles that communicate common rules across the enterprise. Governance routines use these principles to interpret the more detailed policies. Principles are expressed in simple language; one example is stating the organization's risk appetite by granting access on a “need-to-know” basis. From these security principles flow the security policies that detail how the principles are put into practice.

When combined, these policy documents outline the controls, actions, and processes to be performed by an organization. An example is the requirement that a customer provide a receipt ...
