Information Security
Policy
The creation of an Information
Security Policy is an important step towards the effective management
of information across
all levels of an organisation.
It is critical that any Information Security Policy
created by an organsiation is approved by management and it
is subsequently
published and
communicated to all employees.
This document should be maintained and reviewed
regularly and in response to any change in circumstances that may
affect the risks to an organisation's
information. An example here may be the introduction of a web site,
or the use of e-commerce.
|
