Knowledge is a matter of definitions. Here you will find the most important technical terms for cybersecurity.

Information Security Policy

The information security policy constitutes the highest level of all security policies. According to ISO/IEC 27000, a policy describes the “intentions and direction of an organization as formally expressed by its top management”. The information security policy (according to ISO/IEC 27001) must support the purpose of the organization and should either include security objectives or provide a framework for establishing these objectives. Furthermore, it must make a commitment for the continual improvement of the ISMS (information security management system). According to the best practices of ISO/IEC 27002, the information security policy should define information security, describe principles for activities relating to information security and contain statements regarding the assignment of responsibilities as well as for handling deviations and exceptions.

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

Add CSIRT to contacts