--Originally published at TC2027 – Titel der Website
A security policy describes the level of security that an institution, for example a company or association, aspires to. In this context, security normally means information security. The focus today is on electronic data processing and the associated security requirements. This rests on the assumption or fact that information represents a value, or that its protection is required by law or regulation.
In the context of information security, the meaning and purpose of a security policy can be comprehensively described as ensuring the confidentiality, integrity, availability and authenticity of information. The security policy is adopted by the management of the institution, which also exemplifies it. It must be noted, understood and followed by all members of the institution.
A security policy defines the information security goals chosen by the institution as well as the information security strategy pursued.
The most essential contents are:
- Importance of information security and importance of IT for accomplishing tasks
- Naming the security objectives and describing the security strategy
- Description of the organizational structure
- Assurance that the security policy is enforced by the management and that violations are sanctioned wherever possible
- Statements on the periodic review of security measures
- Responsibilities in the information security process