Every organisation has a need to develop Information Security Policies.
Information security aims to achieve three main objectives:
- Confidentiality – data and information assets must be confined to people authorised to access them and not be disclosed to others
- Integrity – keeping the data intact, complete and accurate, and IT systems operational; and
- Availability – the right information is available to authorised users at the right time on the right device.
We assist in fast-tracking these policies, based on the following pragmatic approach:
- Overarching Information Security Policy – an overarching document that is approved by the Board and provides direction to executive management in relation to Information Security requirements.
- Information Security Principles – Information security principles communicate the rules of the enterprise in support of the governance objectives and enterprise values, as defined by the board and executive management.
- Specific Information Security Policies – These will define how the Overarching Information Security Management Policy will be applied. In this way management does the “heavy lifting” for the “How” in relation to implementing the Overarching Information Security Policy. These are also aligned to ISO 27000.