ISO IEC 17799 2000* TRANSLATED INTO PLAIN ENGLISH
Section 3: Security Policy

*ISO 17799 2000 is now OBSOLETE.

ISO17799 IS AN INFORMATION SECURITY MANAGEMENT STANDARD

3.1 ESTABLISH AN INFORMATION SECURITY POLICY

Establish an information security policy.

Make sure that your security policy provides clear direction.

Make sure that your information security policy shows that

Make sure that your security policy shows that your organization is prepared to support an ongoing commitment to information security.

3.1.1 DEVELOP AN INFORMATION SECURITY POLICY DOCUMENT

Document your information security policy.

Make sure that your information security policy document

Publish your information security policy document.

Communicate your security policy to all employees.

Make sure that your information security policy

Make sure that your security policy communications

Make sure that your security policy document makes it clear that

Make sure that your policy document indicates that your management

Make sure that your information security policy document describes your

Make sure that your security policy document

Make sure that your policy document clarifies the scope

Make sure that your information policy document defines

Make sure that your security policy document highlights the information security considerations that are especially important to your organization.

Make sure that your information security policy document

Make sure that your information security policy document

Make sure that your security policy refers to other

3.1.2 REVIEW AND EVALUATE INFORMATION SECURITY POLICY

Clarify who owns your information security policy.

Make sure that your security policy owner is responsible

Define a security policy review and evaluation process.

Carry out periodic information security policy reviews.

Make sure that your periodic policy reviews evaluate

Make sure that your periodic policy reviews evaluate the

Make sure that your periodic policy reviews evaluate

Carry out a policy review whenever your security risks change.

Copyright © 2005 - 2007 by Praxiom Research Group Limited. All Rights Reserved.
This web page was updated on October 2, 2007
On the Web since May 25, 1997