Information Security For Business
How Do I Develop My Security Policy?
The Security Policy provides an opportunity for top management to set a clear direction and demonstrate their support for and commitment to Information Security.
It should complement the organisation's 'mission' statement and reflect the desire of the business to operate in a controlled and secure manner.
As a minimum, the Security Policy should include guidance on the following areas:
- The importance of information security to the business process.
- A statement from top management supporting the goals and principles of information security.
- Specific statements indicating minimum standards and compliance requirements for:
  - Legal, regulatory and contractual obligations.
  - Security awareness and educational requirements.
  - Virus prevention and detection.
  - Business continuity planning.
- Definitions of responsibilities and accountabilities for information security.
- Details of the process for reporting suspected security incidents.
An example of a corporate Information Security Policy has been produced.
A free copy is available from DTi on: 020 7215 1962.