Information Security Policy Development: the Mechanism to Ensure Security Over Information Technology Systems

Abstract

Information security is still in its embryonic phase. The reason is that there are certain malevolent actors in the network that are always looking for loopholes in the system and can harm organizations with their malicious activities. The development of information security policy is very important. It lays the foundations of certain significant standards and procedures that help mitigate the potential risks associated with the organization or its network. The following article has discussed information security policy and its respective development cycle for the implementation of policy infrastructure that could help secure vital data and information in an organization. A framework is explained that demonstrates the construction of a policy, keeping in mind the implementation of an effective security policy. It has elaborated the significance of auditing measures focusing on ISO-27001, the policy specifically designed for information security.