Affiliation:
1. VNR Vignana Jyothi Institute of Engineering and Technology, India
Abstract
In today's digital e-commerce and m-commerce world, information itself acts as an asset and exists in the form of hardware, software, procedures, or people. Securing and managing these information systems is therefore a major challenge for small and large-scale agencies. This chapter discusses the major role and responsibility of an organization's management in identifying the need for an information security policy in today's world of changing security principles and controls. It focuses on the policy types suitable for all kinds of security models and procedures, with background details such as security policy making, functionality, and the impact on agency culture. Information security policies help to identify and assess risk levels with the available set of technological security tools. The chapter describes management strategies for writing a good policy and selecting the right public announcement of the policy. Agencies must also ensure that the designed policies are properly implemented and ensure compliance through frequent intermediate revisions.