Implementing an Information Security Management System within a company is not a simple process. But as all things, it needs to begin somewhere and the right place to begin is at the top.
All information security efforts should start with a strong top management commitment. This commitment is usually communicated via the Information Security Policy.

The Policy needs to be concise, easily readable by all employees and should clearly express the following statements:

• Management is very serious about Information Security
• All employees are responsible for and must enforce Information Security
• Operational responsibility and guidelines for the Information Security Management will be delegated to the named persons and via the named documents

The Policy should be an internal document, available and emphasized on the intranet and if possible on the public web site.

And if you think that by now everyone should have this done, think again. A lot of fairly large organizations don't have this document created and communicated. The freshest example is the City of San Francisco, which apparently did not have a proper policy in place.

Information Security Short Takes has prepared a Template document, that you can download and use as a basis for your own Information Security Policy.

Download the Information Security Policy Template HERE


Related posts
Template to Regulate your Firewall Configurations

Talkback and comments are most welcome