Publication

Definition of information systems security policies

View document

Bibliographic Details
Summary:Information is considered to be the most critical asset in the business world and the management of the risks associated with information must become a pattern practice within the companies [1]. Therefore, the adoption of an Information Systems Security (ISS) policy for the protection of such an asset makes total sense. Organizations handle increasingly larger amounts of information in technological supports, which makes continuously stricter and broader security controls indispensable. The technological process may work as a catalyst for threats but is not alone enough to ensure the effective security of information. Just as if not more important than reaching the appropriate levels of information security within each organization is being able to maintain them. Having software and hardware which contributes to the security of information is not enough. Organizations must also have a security policy and a good security management so as to firmly anchor the efforts to protect the assets of the information system [2]. In order to better understand the concept of ISS policy, it is convenient to distinguish it from concepts such as norms, directives and procedures. Table 1 shows the differences between these concepts.
Main Authors:Lopes, Isabel Maria
Other Authors:Pereira, João Paulo; Oliveira, Pedro
Subject:Information security Definition of security policies Information systems security policies
Year:2017
Country:Portugal
Document type:conference paper
Access type:restricted access
Associated institution:Instituto Politécnico de Bragança
Language:English
Origin:Biblioteca Digital do IPB

Similar Items