Information protection policy
Information protection policy is a document which provides guidelines to users on the processing, storage and transmission of sensitive information. Main goal is to ensure information is appropriately protected from modification or disclosure. It may be appropriate to have new employees sign policy as part of their initial orientation. It should define sensitivity levels of information.
Content
- Should define who can have access to sensitive information.
- Should define how sensitive information is to be stored and transmitted (encrypted, archive files, unencoded, etc.).
- Should define on which systems sensitive information can be stored.
- Should discuss what levels of sensitive information can be printed on physically insecure printers.
- Should define how sensitive information is removed from systems and storage devices.
- Should discuss any default file and directory permissions defined in system-wide configuration files.
See also
- Network security
- Network security policy
- Computer security
- Computer security policy
- Information security
- Information security policies
- User account policy
- Remote access policy
- Internet security
- Industrial espionage
- FTC Fair Information Practices
External links
This article is issued from Wikipedia - version of the 3/16/2013. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.