IT Policies or IT Central Directives
They are high-level statements which state the Management's direction in information
security & privacy.
It will state Organizational setup of IT security structure, workstations or
It will establish the framework and basis of Information security of a organisation
Examples of internationally recognized frameworks include ISO27001, SOX, ITIL,COBIT etc.
In my next post, I will talk about procedures which are detailed instructions on the execution of IT policies
Click on Video below on SOX 404 explanation :
Click Here for more information on writing IT policies!