~3-page information security policy template on information/IT systems.
Information risks relating to information/IT systems must be identified, evaluated and treated appropriately, using suitable information security controls to mitigate unacceptable risks where applicable.
Securing an information system goes beyond merely securing the computer/technology itself (the 'cybersecurity' elements), although that is if course a major part. The way the system is used, monitored, managed and maintained is equally important.
Supplied as an MS Word document, readily customised for your organisation's specific situation.
Information systems security policy
Information security policy template on IT/information systems
See also the policies on:
- Information governance
- Information ownership
- Information risk management
- Information classification
- Database security
- Information security architecture and design
- Network security
- Information integrity
- Access control
- Identification and authentication
- Backups and archives
- Email and interpersonal messaging
- BYOD security
- IoT security
- IT systems development and acquisition
- IT systems implementation
- Change and configuration management
- IT auditing