Sample Information Systems and Technology Security Policy:: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
== | ==Sample Information Systems and Technology Security Policy== | ||
This Information Systems and Technology Security Policy define Company objectives for establishing specific standards on the protection of the confidentiality, integrity, and availability of Company information assets. | |||
This Information Systems and Technology Security Policy | |||
== | ==Objectives== | ||
The information security objectives from a holistic perspective that must be addressed in the subordinate control documents; standards, procedures, and supporting documentation are described as follows.<br> | The information security objectives from a holistic perspective that must be addressed in the subordinate control documents; standards, procedures, and supporting documentation are described as follows.<br> | ||
<br> | <br> | ||
'''Asset Identification and Classification:''' The Asset Identification and Classification standards define Company objectives for establishing specific standards on the identification, classification, and labeling of Company information assets.<br> | |||
<br> | <br> | ||
The | '''Asset Protection:''' The Asset Protection standards define the Company objectives for establishing specific standards on the protection of the confidentiality, integrity, and availability of Company information assets.<br> | ||
<br> | <br> | ||
The | '''Asset Management:''' The Asset Management standards define Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit Company information assets.<br> | ||
<br> | <br> | ||
'''Acceptable Use:''' The Acceptable Use standards define Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.<br> | |||
<br> | <br> | ||
'''Vulnerability Assessment and Management:''' The Vulnerability Assessment and Management standards define the Company's objectives for establishing specific standards for the assessment and ongoing management of vulnerabilities.<br> | |||
<br> | <br> | ||
'''Threat Assessment and Monitoring:''' The Threat Assessment and Monitoring standards define Company objectives for establishing specific standards for the assessment and ongoing monitoring of threats to Company information assets.<br> | |||
<br> | <br> | ||
'''Security Awareness:''' The Security Awareness standards define Company objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the Information Systems and Technology Security Policy and associated policies, standards, guidelines, and procedures.<br> | |||
<br> | <br> | ||
==Document Examples== | |||
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br> | |||
<br> | <br> | ||
<gallery> | |||
Image:Information Systems and Technology Security Policy.png|Information Systems and Technology Security Policy page one of six. | |||
Image:Information Systems and Technology Security Policy(1).png|Information Systems and Technology Security Policy page two of six. | |||
Image:Information Systems and Technology Security Policy(2).png|Information Systems and Technology Security Policy page three of six. | |||
Image:Information Systems and Technology Security Policy(3).png|Information Systems and Technology Security Policy page four of six. | |||
Image:Information Systems and Technology Security Policy(4).png|Information Systems and Technology Security Policy page five of six. | |||
Image:Information Systems and Technology Security Policy(4).png|Information Systems and Technology Security Policy page six of six. | |||
</gallery> | |||
[[File:Information Systems and Technology Security Policy.png]] | |||
[[File:Information Systems and Technology Security Policy(1).png]] | |||
[[File:Information Systems and Technology Security Policy(2).png]] | |||
[[File:Information Systems and Technology Security Policy(3).png]] | |||
[[File:Information Systems and Technology Security Policy(4).png]] | |||
[[File:Information Systems and Technology Security Policy(5).png]] | |||
Revision as of 15:30, 13 January 2014
Sample Information Systems and Technology Security Policy
This Information Systems and Technology Security Policy define Company objectives for establishing specific standards on the protection of the confidentiality, integrity, and availability of Company information assets.
Objectives
The information security objectives from a holistic perspective that must be addressed in the subordinate control documents; standards, procedures, and supporting documentation are described as follows.
Asset Identification and Classification: The Asset Identification and Classification standards define Company objectives for establishing specific standards on the identification, classification, and labeling of Company information assets.
Asset Protection: The Asset Protection standards define the Company objectives for establishing specific standards on the protection of the confidentiality, integrity, and availability of Company information assets.
Asset Management: The Asset Management standards define Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit Company information assets.
Acceptable Use: The Acceptable Use standards define Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.
Vulnerability Assessment and Management: The Vulnerability Assessment and Management standards define the Company's objectives for establishing specific standards for the assessment and ongoing management of vulnerabilities.
Threat Assessment and Monitoring: The Threat Assessment and Monitoring standards define Company objectives for establishing specific standards for the assessment and ongoing monitoring of threats to Company information assets.
Security Awareness: The Security Awareness standards define Company objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the Information Systems and Technology Security Policy and associated policies, standards, guidelines, and procedures.
Document Examples
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.
-
Information Systems and Technology Security Policy page one of six.
-
Information Systems and Technology Security Policy page two of six.
-
Information Systems and Technology Security Policy page three of six.
-
Information Systems and Technology Security Policy page four of six.
-
Information Systems and Technology Security Policy page five of six.
-
Information Systems and Technology Security Policy page six of six.