Information Security Plan

Information Security Plan

Preamble

An Information Security Plan (ISP) is formulated to secure critical information and other information system resources from a wide of information security related threats in order to minimize information security risk, ensure continuity of business and maximize return on investment. Information System security can only be achieved by implementing an appropriate set of internal as well as external controls. These controls include information security policy, processes, standard operating procedures, and software and hardware components of business organization. These controls needs to be conceived, planned, researched, documented, implemented, monitored, reviewed and improved if required to guarantee the fulfillment of certain information security and business objectives of the ABC Inc.

This information security plan deals with the issues related to individual and group privacy, data security and confidentiality of information concerning the ABC Inc. especially the issues involving critical and highly sensitive information. The plan also outlines information security measures that would be implemented in order to ensure and maintain the privacy of ABC Inc. employees and suppliers and clients and other associated entities.

Purpose

The purpose of this plan is to ensure a high degree of confidentiality, privacy, integrity and availability of data, design, develop and document the information security policies and procedures aimed at supporting the business objectives of ABC Inc. in order to allow the organization to comply with the legal and ethical standards regarding the protection of its information system resources.

Information security process, procedures and policies represent the basis for the ABC's ISP as these policies and procedures server as the guiding principles for the use, management and actual implementation of information security plan in every individual business units of ABC Inc.

The plan also outlines several internal and external controls aimed at providing checks and balances for the purpose of identifying and mitigating information system irregularities, preventing abuse and fraud, and assisting the company management in resolving inconsistencies that may occur accidently in the business operations of the company. When adequately implemented throughout the organization, these controls and information security policies ensure that the information assets of the company are protected from a wide range internal as well external threats and vulnerabilities thereby helping the organization to achieve and maintain business continuity and maximize return on investment.

Scope

This information security plan applies to the entire ABC Inc. community including the CEO, Directors, Presidents, Vice Presidents, Senior Managers, Managers, Department Supervisors, employees, suppliers, contractors, visitors, volunteers and clients who have access to ABC's information system assets and resources. Such assets and resources include business data, software and hardware components, image, text files and other information stored on any type of media.

ABC Inc.'s Security Policy

The information system resources at ABC Inc. support the business activities of the organization and the use of these resources is privilege that is extended to the employees, suppliers, contractors, clients and others associated with ABC. Any member of the ABC community using information system resources of the company must, therefore, comply with and adhere to the policies governing its use. It is the collective responsibility ...