An information security policy is a set of rules defined by an organisation that ensure that the company’s IT systems are adequately secured and not susceptible to compromise by unauthorised individuals.
When an IT system is compromised (or hacked), cybercriminals can carry out unauthorised transactions or steal and disclose any information assets stored digitally on that system, including confidential company information or intellectual property.
When defining a corporate information security policy, it is important to ensure that information is made available to the users that need it, whilst also ensuring that the confidentiality and integrity of the information are maintained.
A well-documented information security policy should define:
- The purpose, scope and objectives of the information security policy
- Responsibilities, rights and duties of personnel
- Classification of data
- Access control and authorisation levels
- Data support and operations
- Reference to relevant legislation, such as data protection and GDPR, that govern how information can be used
As part of Cyber Security Malta, Tech.mt collaborates with the Malta Information Technology Agency (MITA) and the Malta Digital Innovation Authority (MDIA) to deliver educational video episodes about Security in the Digital Economy towards a safer future.