Information Security Policy Format
Posted on 2014-02-02
I understand that examples and templates of information security policies are all over the internet, both paid and free. SANS, NIST, Ruskwig etc has loads of them online.
What has been your best example of creating an easy to read, understand and retain the base elements of an information security policy?
Something innovative that struck you at first instance. In my view, more than half a page of information security policy document is destined into annals of history. As the majority of userbase that we need to communicate the policy to is non-IT, there is no need for incorporating elements regarding systems hardening and servers backup into it, that can form some other document.
So, anything that someone wants to share in terms of real ingenuity while writing information security policy format and structure. Understand, that I am not looking for content but structure of it.