Like every other aspects of management, the management of invaluable information assets also demand a “statement of intent” by the management. Such statement must vividly express the rules and by-rules formally which shall apply to all who have access to the organisations IT Facilities and information assets. These rules laid down by the management in a formal statement are known as IS Policy. The IS Policy must be clear, unambiguous, applicable to all, well documented and must cover all aspects related to IT and its security.
IS policy provides guidance to the developer, user as well as auditor as regards what is required to be done, by whom and how. It also serves the purpose of providing a yardstick to measure the performance of the IS security program and indentify the shortcomings. An IS Policy is therefore a vital instrument. It should address the issues related to the confidentiality, integrity and availability of the information assets.
Two vital things that can be seen from aforesaid facts is that 1) An IS Policy is the base of security program and holds a key to successful IS Security and 2) No two organisations can have the same IS Policy. Let the team at Cyber Radar Systems bring in their expertise and experience to cater to you an effective IS Policy suitable to your organisation.