Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network

   

















    Site Map

    Our Sponsors

    Home













Compliance Gurus
Lending Gurus
Operations Gurus
Marketing Gurus
Technology Gurus
eBanking Gurus

Print Friendly! Email This Article! Discuss NOW!


Security Policy vs. Information Security Policy
Answer by Michael Guard
BIO AND CONTACT INFO

QUESTION: I am updating our Security Policy and would like to find one or more sample Security Policies I could use to help me in this process. Also, now that we have an Information Security Policy and a Security Policy, I am somewhat confused as to what should be covered in what policy. There seems to be some crossover between the two.

ANSWER:
You are correct there can be significant areas of overlap between information security programs and security programs. In fact, there can be overlaps between information security programs and several other policies and procedures of any institution. This is why it is important for someone to review every policy and procedure in the institution before starting to put together any information security program to determine what content already exists and might need to be updated or incorporated by reference into the information security program.

While there is not any fundamental problem in having overlaps between different sets of policies, it is very important to be sure all terms are utilized consistently and, even more important, that there are no conflicts.

I put together a set of links on information security and included links to a variety of information security policies. While many are for universities, and not financial institutions, there will still be a great deal of beneficial information for you. http://www.securemis.com/links.html

Also, while not an information security program itself, the single best document I have found on what should be in an information security program, how to go about putting one together, and some sample clauses is NIST Special Publication 800-18 Guide for Developing Security Plans for Information Technology Systems. You can download the document in WordPerfect format from: this link.

First published on BankersOnline.com 10/1/01



Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.