A security policy (information security policy) is a structured set of principles, standards, and procedures that an organization establishes to ensure information security. It is typically organized into three tiers: a basic policy set by management, security standards derived from that policy, and operational procedures implemented on the ground. It serves as the foundation of an organization's security governance and requires periodic review.

Past questions testing this term · 1 questions

• 2014h26h #75情報セキュリティポリシに関する文書を，基本方針，対策基準及び実施手順の三つに分けたとき，これらに関する説明のうち，適切なものはどれか。