Summary

  1. Security policies

    • Are distinct from guidelines and standards.

    • Are distinct from procedures and control.

    • Describe security in general terms; they do not describe how to implement it.

  2. Policies are important to

    • Assure proper implementation of control.

    • Guide product selection and development process.

    • Demonstrate management support.

    • Avoid liability.

    • Achieve consistent and complete security, avoiding fragmented efforts.

  3. Policies should be developed

    • Before security problems occur.

    • To avoid liability.

    • After a security breach.

    • To document compliance and demonstrate quality control processes (for example, ISO 9001).

  4. Policies should be developed by

    • Setting the scope and objectives for the policy document.

    • Defining what policies need to be written. ...
