An informational asset security policy describes the overall security-related orientations adopted by the organization. It defines the rules governing the use of the organization's computer resources.
A security policy usually contains the following elements:
- A description of what employees are authorized and not authorized to do;
- The responsibilities of all those involved;
- Sanctions that apply in case of non-compliance;
- The identity of the employees in charge of IT monitoring, whose responsibility it is to detect weaknesses and potential flaws in the applications and hardware in use;
- A description of what has to be done in case such a weakness or flaw is detected.