This article devotes four sections to addressing specific information classification topics and what policies for those topics might look like. Included in the text will be a formal discussion on each of the topics and examples of existing policy statements. The author will analyze these policies and establish the framework for the development of such policies for any organization. The first topic to be discussed will be information classification. From there the author will examine the need for an e-mail policy and then an Internet policy along with the supporting awareness program needed for Internet compliance. Finally, the author will establish a basic list of corporate level policies that every organization should have along with the sight modification required to support an information security program.
展开▼