<div>
<div class="content wysiwyg-content">
Hi<br />
<br />
I understand that examples and templates of information security policies are all over the internet, both paid and free. SANS, NIST, Ruskwig etc has loads of them online.<br />
<br />
What has been your best example of creating an easy to read, understand and retain the base elements of an information security policy?<br />
<br />
Something innovative that struck you at first instance. In my view, more than half a page of information security policy document is destined into annals of history. As the majority of userbase that we need to communicate the policy to is non-IT, there is no need for incorporating elements regarding systems hardening and servers backup into it, that can form some other document.<br />
<br />
So, anything that someone wants to share in terms of real ingenuity while writing information security policy format and structure. Understand, that I am not looking for content but structure of it.<br />
<br />
Rgds
</div>
</div>


Hi

I understand that examples and templates of information security policies are all over the internet, both paid and free. SANS, NIST, Ruskwig etc has loads of them online.

What has been your best example of creating an easy to read, understand and retain the base elements of an information security policy?

Something innovative that struck you at first instance. In my view, more than half a page of information security policy document is destined into annals of history. As the majority of userbase that we need to communicate the policy to is non-IT, there is no need for incorporating elements regarding systems hardening and servers backup into it, that can form some other document.

So, anything that someone wants to share in terms of real ingenuity while writing information security policy format and structure. Understand, that I am not looking for content but structure of it.

Rgds

Information Security Policy Format

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.