Information Security Policy
Security Policies. Policies represent the corporate philosophy of an organization. They provide management with the direction and support needed to perform their day-to-day duties. In the case of information security, an information security policy helps provide direction in accordance with business requirements, standards, laws, and regulations.
Policies should be established in line with business objectives. For example, management demonstrates support for and commitment to information security through the issuance and maintenance of an information security policy.
Leading organizations use an information security policy to define information security and establish the framework for setting control objectives within an organization. Policies help organizations ensure that preventative, detective, and corrective controls are in place and operating as desired.