November 2001
Intermediate to advanced
240 pages
6h 27m
English
The Information Security Department is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines, and procedures. They should provide security awareness education and ensure that everyone knows his or her role in maintaining security. Simply, the Information Security Department provides the mechanisms that support the security program outlined by the policy.
This department must be able to strike a balance between education and enforcement (see the “Security Awareness Education” section that follows). It will be difficult to find this balance. The policies guiding this group should be written down to ensure that these roles are clearly defined. ...
Read now
Unlock full access