IT Security Policy: The First Line of Defense

As a security professional, I am amazed when I find that an organization does not have an IT security policy in place.

An IT security policy is a statement by management of how the organization will protect its resources from unauthorized access, alteration, or destruction. The IT security policy also provides a blueprint of management’s strategy with regard to information security.

An IT security policy usually consists of the following categories:

1. Corporate Policy
2. Information Security Policy
3. Personnel Security Policy
4. Physical and Environmental Security Policy
5. Computer & Networks Security Policy
   * System Administration
   * Network Policy
   * Application Development Policy
6. Business Continuity Planning

The Purpose of an IT Security Policy

The purpose of the information security policy is to establish a corporate-wide approach to information security. It also prescribes mechanisms that help identify and prevent the compromise of information security and the misuse of corporate data, applications, networks and computer systems. Lastly, it implements effective controls for responding to incidents and external complaints.

For more information on IT Security Policies and other documents please visit
