A security policy should describe how a company addresses security issues and be reviewed regularly. It should also identify assets needing protection, threats, and procedures for security breaches. All employees must understand and adhere to the security policy to share responsibility for security. Top management such as the CEO, CIO, CTO, CSO, and CFO provide leadership over security.
A security policy should describe how a company addresses security issues and be reviewed regularly. It should also identify assets needing protection, threats, and procedures for security breaches. All employees must understand and adhere to the security policy to share responsibility for security. Top management such as the CEO, CIO, CTO, CSO, and CFO provide leadership over security.
A security policy should describe how a company addresses security issues and be reviewed regularly. It should also identify assets needing protection, threats, and procedures for security breaches. All employees must understand and adhere to the security policy to share responsibility for security. Top management such as the CEO, CIO, CTO, CSO, and CFO provide leadership over security.
Security Policy • A security policy should describe how a company addresses security issues
• Though local security policies may vary between
organizations, there are questions all organizations should ask:
1. What assets require protection?
2. What are the possible threats? 3. What should be done in the event of a security breach? https://www.sans.org/information-security-policy Security Policy • A security policy should describe how a company addresses security issues
• Though local security policies may vary between
organizations, there are questions all organizations should ask:
1. What assets require protection?
2. What are the possible threats? 3. What should be done in the event of a security breach? Security Policy • Security policies should be reviewed regularly and updated as necessary.
• You should keep a revision history to track all policy
changes.
• Security is the responsibility of every person within
the company. All employees, including non- computer users, must be trained to understand the security policy and notified of any security policy updates. Top Management • CEO (Chief Executive Officer).