ISO IEC 17799 2000*

TRANSLATED INTO PLAIN ENGLISH

Section 3: Security Policy

DETAILED STANDARD

TO MAIN MENU

TO SECTION 4

* ISO 17799 2000 is now OBSOLETE.

Please see ISO 27002 (17799 2005)!

Also see the ISO 27001 2005 Standard.

Praxiom Research

3.1 ESTABLISH AN INFORMATION SECURITY POLICY

 

Establish an information security policy.

 

Make sure that your security policy provides clear direction.

 

Make sure that your information security policy shows that
your organization is committed to information security.

 

Make sure that your security policy shows that your organization is
prepared to support an ongoing commitment to information security.

3.1.1 DEVELOP AN INFORMATION SECURITY POLICY DOCUMENT

 

Document your information security policy.

 

Make sure that your information security policy document
has been formally approved by your senior management.

 

Publish your information security policy document.

 

Communicate your security policy to all employees.

 

Make sure that your information security policy
communications are easy for users to understand.

 

Make sure that your security policy communications
are relevant to your users’ needs and expectations.

 

Make sure that your security policy document makes it clear that
your senior management is firmly committed to information security.

 

Make sure that your policy document indicates that your management
supports your organization’s information security goals and principles.

 

Make sure that your information security policy document describes your
organization’s approach to the management of information security.

 

Make sure that your security policy document
provides a definition of information security.

 

Make sure that your policy document clarifies the scope
of your organization’s commitment to information security.

 

Make sure that your information policy document defines
your organization’s information security objectives.

 

Make sure that your security policy document highlights the information
security considerations that are especially important to your organization.

 

Make sure that your information security policy document
defines information security management responsibilities.

 

Make sure that your information security policy document
defines security incident reporting responsibilities.

 

Make sure that your security policy refers to other
documents that support your information security policy.

3.1.2 REVIEW AND EVALUATE INFORMATION SECURITY POLICY

 

Clarify who owns your information security policy.

 

Make sure that your security policy owner is responsible
for the review and evaluation of your security policy.

 

Define a security policy review and evaluation process.

 

Carry out periodic information security policy reviews.

 

Make sure that your periodic policy reviews evaluate
the effectiveness of your information security policy.

 

Make sure that your periodic policy reviews evaluate the
impact security controls are having on business efficiency.

 

Make sure that your periodic policy reviews evaluate
the effects that changes in technology are having.

 

Carry out a policy review whenever your security risks change.

TO MAIN MENU

TO SECTION 4

Praxiom

OTHER ISO 17799 2000 PAGES

Section 4: Organizational Structure

Section 5: Asset Classification and Control

Section 6: Personnel Security Management

Section 7: Physical and Environmental Security

Section 8: Communications and Operations

Section 9: Access Control Management

Section 10: Systems Development and Maintenance

Section 11: Business Continuity Management

Section 12: Compliance Management

ISO 27002 2005 (17799 2005) PAGES

Introduction to ISO 27002 Information Security

Plain English Information Security Management Definitions

Overview of the ISO 27002 Information Security Standard

ISO 27002 Security Standard Translated into Plain English

Information Security Management Control Objectives

Information Security Management Audit Tool

ISO 27001 2005 PAGES

Introduction to ISO 27001 Information Security

Comparison of ISO 27001 2005 and ISO 27002 2005

ISO 27001 2005 Security Standard Translated into Plain English

Information Security Management System Development Plan

Information Security Management Gap Analysis Tool

Home Page

Our Libraries

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

PRAXIOM RESEARCH GROUP LIMITED
9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada
Telephone: 780-461-4514 info@praxiom.com

Updated on December 22, 2011. First published on October 28, 2004.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and
  developing this electronic publication. We make no representation or warranties
  with respect to accuracy or completeness of the contents of this publication and
  specifically disclaim any implied warranties or merchantability or fitness for any
  particular purpose and shall in no event be liable for any loss of profit or any
  other commercial damage, including but not limited to special, incidental,
  consequential, or other damages.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2004-2011 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Reserach