Sample Information Security Program Charter:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 13: Line 13:
<br>
<br>
<gallery>
<gallery>
File:Information Security Program Charter.png|Asset Identification and Classification Standard page one of five.
Image:Information Security Program Charter.png|Asset Identification and Classification Standard page one of five.
File:Information Security Program Charter(1).png|Asset Identification and Classification Standard page two of five.
Image:Information Security Program Charter(1).png|Asset Identification and Classification Standard page two of five.
File:Information Security Program Charter(2).png|Asset Identification and Classification Standard page three of five.
Image:Information Security Program Charter(2).png|Asset Identification and Classification Standard page three of five.
File:Information Security Program Charter(3).png|Asset Identification and Classification Standard page four of five.
Image:Information Security Program Charter(3).png|Asset Identification and Classification Standard page four of five.
File:Information Security Program Charter(4).png|Asset Identification and Classification Standard page five of five.
Image:Information Security Program Charter(4).png|Asset Identification and Classification Standard page five of five.
</gallery>
</gallery>

Latest revision as of 15:19, 13 January 2014

Sample Information Security Program Charter

This Information Security Program Charter serves as the capstone document for the Information Security Program. Information Security policies define Information Security objectives in topical areas. Information Security standards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards.

Objectives

The Information Security Program will reduce vulnerabilities by developing Information Security policies to assess, identify, prioritize, and manage vulnerabilities. The management activities will support organizational objectives for mitigating the vulnerabilities, as well as developing and using metrics to gauge improvements in vulnerability mitigation.

The Information Security Program will counter threats by developing Information Security policies to assess, identify, prioritize, and monitor threats. The monitoring activities will support organizational objectives for deterring, responding to, and recovering from threats. The monitoring activities also will support the development and use of metrics to gauge the level of threat activity and the effectiveness of the Company threat detection and response capabilities.

The Information Security Program will ensure that the Information Security Program Charter and associated policies, standards, guidelines, and procedures are properly communicated and understood by establishing a Security Awareness Program to educate and train the individuals, groups, and organizations covered by the scope of this Information Security Program Charter.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.