In: Computer Science
Discuss the reasons for information security policies. One reason is to enable the creation of other more specific planning documents. What would happen in the absence of a policy document?
>To establish a general approach to information
security
>To detect and forestall the compromise of information security
such as misuse of data, networks, computer systems and
applications.
>To protect the reputation of the company with respect to its
ethical and legal responsibilities.
>To observe the rights of the customers; providing effective
mechanisms for responding to complaints and queries concerning real
or perceived non-compliances with the policy is one way to achieve
this objective
>Outcomes of interest are compared to expected or predicted outcomes (often constructed/modelled at the appraisal stage) of what would be expected if no action was taken (i.e. in the absence of the policy). Outcomes are only monitored for those experiencing the policy