Security Assessment > Security Policy    

why you need an information security policy

Information is a key asset. The information which you hold electronically has a value as much as any tangible asset: it may encapsulate intellectual property (such as a product design) and will undoubtedly contribute to business advantage. Beyond the cost of recreating the information should it be lost, there is the cost to competitiveness and brand image if sensitive information is modified or divulged to the wrong parties. Equally, there may be legal repercussions for failing to adequately protect personal information.

The purpose of an information security policy is to identify the information that is valuable to you, to set out why the information is considered valuable, to analyse the relevant threats and vulnerabilities, and to define a framework within which that information can be protected. Additionally, an information security policy identifies roles and delineates responsibilities associated with protecting the information that it relates to.

A Security Policy should not be cast in stone. It must be adapted to keep pace with the way your business works, and in response to new threats and opportunities.


Copyright © 2017 Xiscan® Limited. All Rights Reserved.