IT security policy (sometimes cyber security policy) is a company policy defining how to behave to keep an organization's IT systems, IT infrastructure, data and information secure. It defines the processes, behaviors and mechanisms needed to maintain IT security at the required level.
What does the IT security policy cover?
In terms of scope, IT security typically includes these areas
- cyber security, protection against cyber attacks from the internet
- computer, laptop security
- mobile phone security
- BYOD principles
- security of the company computer network, including wifi
- cloud security
- password policy
- backup processes
- encryption and decryption
- malware and SPAM protection
IT security policy should include the following chapters
- Reasons, purpose and goals of information security
- IT management, operations, strategy, maintenance - responsibilities, rights duties of IT personnel
- Classification of information assets , Ways and mechanisms of security management
- Description of access rights to information and IT infrastructure, IT systems
- Staff security training and awareness
- Responsibilities, rights and duties of personnel
- Compliance management, reference to compliance with legislation, regulations and standards, business continuity management