What is information security policy?

Information security policy is a set of suggestions (laws) which a company has to write to make its information system safe and immune against malicious attacks! Usually this kind of policy is written for employees at different levels, but the common element in all these policies is the target! A policy can be a joint set of rules covering all topics related to information security and computer usage, or separate rules for individual topics, for example, e-mail, network or physical security.

Why does a company need an information security policy?

Many information systems have not been designed to be secure, but without these systems business life is hard to imagine. Increasingly, companies and their information systems and networks are faced with security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. Sources of damage such as computer viruses, computer hacking and denial of service attacks have become more common, more ambitious and increasingly sophisticated. Modern technologies and software alone are not enough to make a company's information system safe; everyone in the company also needs to be a part of the security system.

The security policy modelling process points to the system's weakest areas and gives advice on how to prevent problems there.

How is a policy created?

There are different ways to create a security policy, but the main idea is the same. There is a set of questions which the company's employees have to answer, and after that, special information security awareness companies process these answers and write the company's own information security policy. Another way to create this policy is to use special software which automatically processes the answers, evaluates the risks and gives out a policy. This way is easier and also takes less time. The policy has to be written in a form that is relevant, accessible and understandable to the intended readers!

Company gets a policy. What next?!

Now the company's manager has to nominate one person who will be responsible for seeing that the rules written in the policy are observed. This person has to introduce all employees to these rules and also publish the policy and make it available. This person then needs to check and control how these rules are implemented in practice. This person has to be very close to the manager and regularly inform the manager if there are any problems.

Problems!

Usually problems start with implementing the policy's rules in practice. People have to change their daily work habits and try to work by these rules. It's always hard, but there are many ways to stimulate or even press people to do this. The process is made easier by special e-learning courses provided by information security awareness companies, for example, Infosecuritylab. Managers can also develop some kind of bonus system for employees who follow these rules, or warn those who ignore them!