Luka Florjančič (2016) Information security policy for a company. EngD thesis.
Abstract
Information has become a significant factor and a primary source in any organization. A successful business depends upon the processing and security of information at its disposal, which must remain integral, confidential and available at all times. If the information falls into the wrong hands, a company and its business activities may be confronted by serious consequences. Both management and employees should be aware of such risks. Security policy thus represents the rules and guidelines on how to avoid incidents, or at least, how to minimize the consequences. It has a form of a document, on which effective and comprehensive programme of company's information security policy is based. This thesis describes the theoretical foundations for information security and its established standards. Developing security policy is a complex process that takes place in several stages. In formulating a security policy for a specific company, we considered all of them.
Actions (login required)