DATA SECURITY

Enterprise Information Security Policy

Enterprise Information Security Policy defines the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel and organizational sub-units, so that they align with the organization's core goals and strategic direction. Although often associated strictly with information security technology, it relates more broadly to the security practice of business optimization in that it addresses business security architecture, performance management and security process architecture as well.
Having an Enterprise Information Security Policy is a common practice. The primary purpose of creating an enterprise information security policy is to ensure that business strategy and IT security are aligned. As such, enterprise information security policies allow traceability from the business strategy down to the underlying technology.

Information Systems Security Policy

Information systems security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information systems security policies are usually documented in one or more information security policy documents. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.
Written information systems security policy documents are also a formal declaration of management's intent to protect information, and are required for compliance with various security and privacy regulations. Organizations that require audits of their internal systems for compliance with various regulations will often use information security policies as the reference for the audit.

Information Systems Acceptable Use Policies

An acceptable use policy (AUP) is a set of rules applied by network and website owners which restrict the ways in which the network or site may be used. AUP documents are written for corporations, businesses, universities, schools, churches, internet service providers, and website owners often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.

Acceptable use policies are also integral to the framework of information security policies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.

For more information contact info@churcsecuritysolutions.com

Contact us or call us today at 503-949-8862 for a free security consultation.

“Be shepherds of God’s flock that is under your care, serving as overseers.”

1 Peter 5:2