Information protection policy is a document which provides guidelines to users on the processing, storage and transmission of sensitive information. Main goal is to ensure information is appropriately protected from modification or disclosure. It may be appropriate to have new employees sign policy as part of their initial orientation. It should define sensitivity levels of information.
Content
* Should define who can have access to sensitive information.
* Should define how sensitive information is to be stored and transmitted (encrypted, archive files, unencoded, etc.).
* Should define on which systems sensitive information can be stored.
* Should discuss what levels of sensitive information can be printed on physically insecure printers.
* Should define how sensitive information is removed from systems and storage devices.
* Should discuss any default file and directory permissions defined in system-wide configuration files.
See also
*
Network security
Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...
*
Network security policy A network security policy (NSP) is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The docume ...
*
Computer security
Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...
*
Computer security policy
A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical impleme ...
*
Information security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
*
Information security policies
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
*
User account policy
*
Remote access policy
*
Internet security
Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules a ...
*
Industrial espionage
Industrial espionage, economic espionage, corporate spying, or corporate espionage is a form of espionage conducted for commercial purposes instead of purely national security.
While political espionage is conducted or orchestrated by governmen ...
*
FTC Fair Information Practices
External links
National Institute for Standards and Technology
Information technology management
{{business-term-stub