Identify What Is to Be Protected
In the first few pages of this book, I have repeated that the information security policies must protect the company’s mission or business process. I did this because it is a common mistake to try to look at the computers and software from a technical point of view instead of why they were purchased. If you remember that computers are the tools for processing the company’s intellectual property, the disks are for storing that property, and the networks are for allowing that information to flow through the various business processes, then you are well on your way to writing coherent, enforceable security policies.
Hardware and Software
Supporting those business processes are the hardware and software components ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.