[WEBINAR] The New Normal: Dealing with the Reality of an Unsecure World

Information Security Policy

Definition - What does Information Security Policy mean?

Information security policy is a set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority.

Techopedia explains Information Security Policy

The evolution of computer networks has made the sharing of information ever more prevalent. Information is now exchanged at the rate of trillions of bytes per millisecond, daily numbers that might extend beyond comprehension or available nomenclature. A proportion of that data is not intended for sharing beyond a limited group and much data is protected by law or intellectual property. An information security policy endeavors to enact those protections and limit the distribution of data not in the public domain to authorized recipients.

Every organization needs to protect its data and also control how it should be distributed both within and without the organizational boundaries. This may mean that information may have to be encrypted, authorized through a third party or institution and may have restrictions placed on its ditstribution with reference to a classification system laid out in the information security policy.

An example of the use of an information security policy might be in a data storage facility which stores database records on behalf of medical facilities. These records are sensitive and cannot be shared, under penalty of law, with any unauthorized recipient whether a real person or another device. An information security policy would be enabled within the software that the facility uses to manage the data they are responsible for. In addition, workers would generally be contractually bound to comply with such a policy and would have to have sight of it prior to operating the data management software.

A business might employ an information security policy to protect its digital assets and intellectual rights in efforts to prevent theft of industrial secrets and information that could benefit competitors.

A typical security policy might be hierarchical and apply differently depending on whom they apply to. For example, the secretarial staff who type all the communications of an organization are usually bound never to share any information unlesss explicitly authorized, whereby a more senior manager may be deemed authoritative enough to decide what information produced by the secretaries can be shared, and to who, so they are not bound by the same information security policy terms. To cover the whole organization therefore, information security policies frequently contain different specifications depending upon the authoritative status of the persons they apply to.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.