Information Security Policy

Definition(s)


Information Security Policy

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

From: CNSSI 4009; NIST SP 800-53 Rev 4.

Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards