The IT Law Wiki

Information security policy

32,074pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

An information security policy is the

[a]ggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.[1]

Overview Edit

"For example, the information security policy for financial data processed on DoD systems may be in U.S.C., E.O., DoD Directives, and local regulations. The information security policy lists all the security requirements applicable to specific information."[2]

References Edit

  1. CNSSI 4009, at 33.
  2. DoD Instruction 5200.40, at 11 (E2.1.29).

Also on Fandom

Random Wiki