INFORMATION SECURITY POLICY - A DEVELOPMENT GUIDE
暂无分享,去创建一个
A security policy should fulfill many purposes. It should: protect people and information; set the rules for expected behavior by users, sys‐ tem administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and au‐ thorize the consequences of violation; define the company consensus baseline stance on se curity; help minimize risk; and help track com‐ pliance with regulations and legislation.
[1] S. Barman,et al. Writing Information Security Policies , 2001 .
[2] John A. Blackley,et al. Information Security Fundamentals , 2003 .