Information Security Policy: The Regulatory Basis for the Protection of Information Systems
Abstract
This chapter gives the reader a structured definition for developing, implementing, and maintaining the regulatory rules or principles needed for Information System Security (ISS). It also shows how to ensure the correct use of this ISS, including authorization and protection against disaster situations, so that the system is effectively protected when information is accessed, stored, used, and retrieved in normal or contingency situations. Together, these elements form the structure of an information security policy based on the set of controls described in NBR ISO/IEC 27002 (ABNT, 2005). Defining this structure is important because the ABNT (2005) standard does not indicate, define, or explain what the structure of the policy should be (i.e., which elements and functions are fundamental, which standards of rules apply to the controls, and other practical issues) for the policy to be effective for the organization. The structure presented in this chapter represents a practical and useful architecture for the elements of the organization's information security policy.