Security Policy

from Wikipedia, the free encyclopedia

A security policy (also security guideline, security directive) describes the desired security requirements of an institution (authority, company, association, etc.). Security here usually means information security. Today the focus is on electronic data processing and the security requirements associated with it. This rests on the assumption or fact that information represents a value in itself, or that its protection is required by law or regulation.

In the context of information security, the meaning and purpose of a security policy can be described comprehensively as ensuring the confidentiality, integrity, availability and authenticity (VIVA, from the German terms) of information. The security policy is adopted and exemplified by the management of the institution, i.e. in companies by the board of directors or the executive management. It must be noted, understood and observed by all members of the institution. Violations are sanctioned as far as possible.

Content

A security policy defines the information security objectives chosen by the organization and the information security strategy pursued. The essential contents are listed below (without claim to completeness):

  • Importance of information security and importance of IT (information technology) for the fulfillment of tasks
  • Naming of the security goals and description of the security strategy
  • Description of the organizational structure
  • Assurance that the security policy will be enforced by management and that violations will be sanctioned as far as possible
  • Statements on the periodic review of the security measures
  • Statements on programs to promote information security through training and awareness-raising measures (maintaining and promoting awareness)
  • Responsibilities in the information security process
