Acronym : ISSP
The Information Security Policy is the reference document that formalizes an organization's security rules, principles and responsibilities. It is the foundation on which every technical and organizational control is later built.
Without a written policy approved by leadership, security relies on informal practices that are hard to audit or enforce when an incident or an audit occurs.
A company defines its password policy, personal device usage rules and incident reporting procedure within its information security policy.
Assess your organization's maturity on this topic
Start the diagnostic