--Originally published at Computer Security - Arturo Mendoza
An IT security policy is a document that states in writing how a user or company plans to protect its information assets. It has to be updated all the time and must explain how the company or user will measure whether the plan is working.
The objective of an IT security policy is to preserve the confidentiality, integrity and availability of the systems and information used by all members of the organization.
- **Confidentiality:** Assets are protected from unauthorized entities.
- **Integrity:** Only authorized users can modify the information.
- **Availability:** The information is accessible when it is required.
**Any company policy should specify:**
- Objectives
- Scopes
- Specific goals
- Responsibilities for compliance and actions to be taken in the event of noncompliance.