ISO 27000

  • Published: June 1, 2010
The following is a sample information security policy statement.


The objective of information security is to ensure the business continuity of Organization X and to minimize the risk of damage by preventing security incidents and reducing their potential impact.


• The policy’s goal is to protect the organization’s informational assets[1] against all internal, external, deliberate or accidental threats.

• The Chief Executive Officer must approve the information security policy.

• The security policy ensures that:

o Information will be protected against any unauthorized access;

o Confidentiality of information will be assured;

o Integrity of information will be maintained;

o Availability of information for business processes will be maintained;

o Legislative and regulatory requirements will be met;

o Business continuity plans will be developed, maintained and tested[2];

o Information security training will be available for all employees;

o All actual or suspected information security breaches will be reported to the Information Security Manager and will be thoroughly investigated.

• Procedures exist to support the policy, including virus control measures, passwords and continuity plans.

• Business requirements for availability of information and systems will be met.

• The Information Security Manager is responsible for maintaining the policy and providing support and advice during its implementation.

• All managers are directly responsible for implementing the policy and ensuring staff compliance in their respective departments.

• Compliance with the Information Security Policy is mandatory.

|Signature || |Date  | |
| | | |...