Information Security Policy 101

Information Security

You have to start somewhere. All successful information security programs start with policy.

July is “Policy Month” at The Trusted Toolkit! Over the course of this month, I will write a series of short articles around information security policy and provide some samples that you are free to use in your own work.

The Series
Introduction to Information Security Policy (Publish - 7/3)

• What is an information security policy?
• Why do I need security policy?
• Importance of management direction, endorsement and approval

Assess the business (7/5)

• What types of information does the business use?
• How does the business use information?
• What is the law?

Common Information Security Policies

• Acceptable Use Policy (7/6)
• Account Management Policy (7/9)
• Administrator/Special Access Policy (7/10)
• Backup Policy (7/11)
• Data Classification Policy (7/12)
• Incident Management Policy (7/13)
• Network Configuration Policy (7/16)
• Network Access Policy (7/17)
• Password Policy (7/18)
• Physical Security Policy (7/19)
• Mobile Computing Policy (7/20)
• Privacy Policy (7/23)
• Security Training and Awareness Policy (7/24)
• Software Licensing Policy (7/25)
• Vendor/Third-Party Access Policy (7/26)
• Virus Protection Policy (7/27)

Policy approval (7/30)

• What does management need to know?
• How much will this cost?
• Announcement and next steps.

We will kick this thing off by starting with “Introduction to Information Security Policy” outlining what a security policy is, why every company needs one, and what involvement is required by management. As you can see from the schedule above, I will be posting this article tomorrow.

Be sure to subscribe to The Trusted Toolkit Blog and feel free to comment!

NEXT: Information Security Policy 101 – Introduction to Information Security Policy