Information Security Policy Review & Development
Information security policies are a special type of documented business rule. It documents the information security requirements of the different lines of businesses that constitute the overall business environment. While it is a requirement for regulatory compliance, smart security policies also enhance business operations by reducing risk and decreasing IT security management costs.
Policies must be uniquely tailored to the needs of each organization, because the factors that drive information security policies vary considerably from organization to organization. The factors include business objectives, legal requirement, organizational design, information systems technology deployed et al.