Information Security Policy Projects

This chapter outlines the basic elements of an information security policy project. Information security policy projects may vary widely in terms of effort. On the small end of the scale would be a small organization that is able to accept a ready-made set of information security policy templates with very little customization. On the higher end of the scale is a very large information security revision or rearchitect project for a large organization with many departments with different security needs. The chapter focuses on information security policy projects assumes that information security policies are being rearchitected or created from scratch. In fact, most information security policy projects do involve rearchitecting the policy framework or starting from scratch so a complete project plan discussion is generally applicable. Occasionally, an information security policy project may only seek to revise or even add to an existing well-organized information security policy set.