Information protection policy

Information protection policy is a document which provides guidelines to users on the processing, storage and transmission of sensitive information. Main goal is to ensure information is appropriately protected from modification or disclosure. It may be appropriate to have new employees sign policy as part of their initial orientation. It should define sensitivity levels of information.

Content

• Should define who can have access to sensitive information.
• Should define how sensitive information is to be stored and transmitted (encrypted, archive files, unencoded, etc.).
• Should define on which systems sensitive information can be stored.
• Should discuss what levels of sensitive information can be printed on physically insecure printers.
• Should define how sensitive information is removed from systems and storage devices.
• Should discuss any default file and directory permissions defined in system-wide configuration files.^{[citation needed]}

See also

• Network security
• Network security policy
• Computer security
• Computer security policy
• Information security
• Information security policies
• User account policy
• Remote access policy
• Internet security
• Industrial espionage
• FTC Fair Information Practices

External links

• National Institute for Standards and Technology

0.00 (0 votes)