Design your Visme
INFORMATION SECURITY POLICY
Enterprise Information Security Policy
response to a comprehensive external audit involving all the enterprise network
audit revealed security deficiencies not properly addressed in previous policy and standards documents
develop and establish essential and proper controls to minimize security risk
this policy applies to enterprise information systems that have been developed at TM
establish the minimum information security practices for TM resources, devices, and associated communication.
provide direction on TM security practices designed to ensure the confidentiality, integrity, and availability
protect the information assets of the company
covers all aspects of hardware, software, communications and information.
authorized access and usage of equipment
prohibited usage of equipment.
specific rules management
has a different look from Enterprise Information Security Policy (EISP) and Issue-Specific Security Policy (ISSP).
functions as standards or procedures to be used when configuring and maintaining the systems.
Include two components :
1- security objectives (managerial guidance)
define security objectives for the specific system.
2- operational security rules (technical specifications)
rules for operating a system
atiqa | May 15, 2016