Sample Information Systems and Technology Security Policy

From HORSE - Holistic Operational Readiness Security Evaluation.

This Information Systems and Technology Security Policy defines Company objectives for establishing specific standards on the protection of the confidentiality, integrity, and availability of Company information assets.

Objectives

The information security objectives that must be addressed, from a holistic perspective, in the subordinate control documents (standards, procedures, and supporting documentation) are described as follows.

Asset Identification and Classification: The Asset Identification and Classification standards define Company objectives for establishing specific standards on the identification, classification, and labeling of Company information assets.

Asset Protection: The Asset Protection standards define the Company objectives for establishing specific standards on the protection of the confidentiality, integrity, and availability of Company information assets.

Asset Management: The Asset Management standards define Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit Company information assets.

Acceptable Use: The Acceptable Use standards define Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.

Vulnerability Assessment and Management: The Vulnerability Assessment and Management standards define the Company's objectives for establishing specific standards for the assessment and ongoing management of vulnerabilities.

Threat Assessment and Monitoring: The Threat Assessment and Monitoring standards define Company objectives for establishing specific standards for the assessment and ongoing monitoring of threats to Company information assets.

Security Awareness: The Security Awareness standards define Company objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the Information Systems and Technology Security Policy and associated policies, standards, guidelines, and procedures.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.