Goal of the Security Policy
Organization X depends on information and information systems. The goal of the security policy is to set objectives for the organization as regards theprotection of its informational assets. The security policy provides the basis for the implementation of security controls that reduce risks and system vulnerabilities. By clarifying theresponsibilities of users and the measures they must adopt to protect information and systems, Organization X avoids serious losses or unauthorized disclosure. Moreover, the company's good name is partlydependant on the manner in which it protects its information and information systems. Finally, a security policy can be useful as evidence in litigations, in client contract negotiations, during acquisitionbids and for business relations in general. The management of Organization X has initiated and continues to sustain an information security effort thanks to the development of sound policies andprocedures.
Security Management Framework
All policies and procedures included in this document are approved, supported and defended by the senior management of Organization X. As respect of thesecurity policy is all important to the corporation, its information and the information entrusted to it must be protected according to the critical value and sensitive nature of this information. Securitymeasures must be taken, regardless of the storage media on which information is saved, the systems used to process information or the methods used to transfer information. Information must be protectedaccording to its security classification, without regard to the phase of the information life cycle in which it is found.
Information security is a team effort. It requiresthe participation and support of all members of the organization who work with information systems. Thus, each employee must comply with the requirements of the information security policy and its...