Welcome » IT Booklets » Information Security » Information Security Strategy » Architecture Considerations » Policies and Procedures
Policies are the primary embodiment of strategy, guiding
decisions made by users, administrators, and managers and informing
those individuals of their security responsibilities.
Policies also specify the mechanisms through which responsibilities
can be met, and provide guidance in acquiring, configuring, and
auditing information systems.
Key actions that contribute to the success of a security policy
Institutions are required to establish an information security
program that meets the requirements of the 501(b) guidelines.
Information security polices and procedures are some of the
institution's measures and means by which the objectives of the
information security program are achieved.