How to Craft Uncompromising Enterprise Security Documents

McLean Report: Research Note

Published: January 02, 2007


Companies the world over are becoming increasingly aware of the existence of security threats and the need to guard against them. The foundation for addressing these threats is a clear set of security policies and standards. Knowing that security policies and standards are needed is good, but knowing what to put in them is vital.

What Goes Into a Security Policy?

The corporate security policy itself, as one part of the overall set of security documents, is a relatively short and tightly focused document. Its purpose is to define the company's stance with regard to IT security, not to specify the what, how, and why of applying that security. The following is an inclusive list of the topics that should be addressed in a security policy:

  • Purpose. A broad statement indicating that the company is taking steps to ensure that its computing resources and information assets are protected from threats.
  • Intent. More specific statements...
This article is available in full to members of McLean Report.