Sample Information Security Program Charter:: Difference between revisions
No edit summary |
|||
Line 13: | Line 13: | ||
<br> | <br> | ||
<gallery> | <gallery> | ||
Image:Information Security Program Charter.png|Asset Identification and Classification Standard page one of five. | |||
Image:Information Security Program Charter(1).png|Asset Identification and Classification Standard page two of five. | |||
Image:Information Security Program Charter(2).png|Asset Identification and Classification Standard page three of five. | |||
Image:Information Security Program Charter(3).png|Asset Identification and Classification Standard page four of five. | |||
Image:Information Security Program Charter(4).png|Asset Identification and Classification Standard page five of five. | |||
</gallery> | </gallery> |
Revision as of 15:12, 13 January 2014
Sample Information Security Program Charter
This Information Security Program Charter serves as the capstone document for the Information Security Program. Information Security policies define Information Security objectives in topical areas. Information Security standards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards.
Objectives
The Information Security Program will reduce vulnerabilities by developing Information Security policies to assess, identify, prioritize, and manage vulnerabilities. The management activities will support organizational objectives for mitigating the vulnerabilities, as well as developing and using metrics to gauge improvements in vulnerability mitigation.
The Information Security Program will counter threats by developing Information Security policies to assess, identify, prioritize, and monitor threats. The monitoring activities will support organizational objectives for deterring, responding to, and recovering from threats. The monitoring activities also will support the development and use of metrics to gauge the level of threat activity and the effectiveness of the Company threat detection and response capabilities.
The Information Security Program will ensure that the Information Security Program Charter and associated policies, standards, guidelines, and procedures are properly communicated and understood by establishing a Security Awareness Program to educate and train the individuals, groups, and organizations covered by the scope of this Information Security Program Charter.
Document Examples
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.
-
Asset Identification and Classification Standard page one of five.
-
Asset Identification and Classification Standard page two of five.
-
Asset Identification and Classification Standard page three of five.
-
Asset Identification and Classification Standard page four of five.
-
Asset Identification and Classification Standard page five of five.