No edit summary |
|||
| Line 7: | Line 7: | ||
== Overview == |
== Overview == |
||
| − | "For example, the information security policy for [[financial data]] [[data processing|processed]] on [[DoD]] [[system]]s may be in [[U.S.C.]], [[E.O.]], [[DoD Directives]], and local [[regulation]]s. The information security policy lists all the [[security]] requirements applicable to specific [[information]]."<ref> |
+ | "For example, the information security policy for [[financial data]] [[data processing|processed]] on [[DoD]] [[system]]s may be in [[U.S.C.]], [[E.O.]], [[DoD Directives]], and local [[regulation]]s. The information security policy lists all the [[security]] requirements applicable to specific [[information]]."<ref>[[DoD Instruction 5200.40]], at 11 (E2.1.29).</ref>}} |
== References == |
== References == |
||
Revision as of 20:52, 24 February 2013
Definition
An information security policy is the
| “ | [a]ggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information].[1] | ” |
Overview
"For example, the information security policy for financial data processed on DoD systems may be in U.S.C., E.O., DoD Directives, and local regulations. The information security policy lists all the security requirements applicable to specific information."[2]}}
References
- ↑ CNSSI 4009, at 33.
- ↑ DoD Instruction 5200.40, at 11 (E2.1.29).