SECURITY POLICY CONTENTS
An information security policy should ideally comply with ISO/IEC 27001. This standard provides best practice recommendations for information security management. The security policy should be defined as part of an organisation's ISO/IEC 27001 Information Security Management System (ISMS).
A security policy that complies with ISO/IEC 27001 should contain the following contents.
- Security Policy
- Organisation of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operation Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
The suggested contents for an Information Security Policy can be found in the following document.