Draft – Information Security Policy Document

Write an information security policy document that defines the security program that you are going to implement at Initek.

• This is not a research paper – you do not have to cite sources unless you are using a direct quote/idea.
• Do not complete this assignment as if you are taking an exam and answering questions.
• Use headings and format your policy so it is easy to read and follow.
• Your grade will be based on your coverage of the assignment requirements.

Assignment Requirements

Your policy must include the following at a minimum:

1. A definition of information security, its overall objectives and scope and the importance of security as an enabling mechanism for information sharing
2. A statement of management intent, supporting the goals and principles of information security in line with the business strategy and objectives
3. A brief explanation of the security principles, standards, and compliance requirements of particular importance to the organization, including:
   1. Standards that are defined in your control framework
   2. Compliance with legislative, regulatory, and contractual requirements
   3. Security education, training, and awareness requirements