An IT Security Policy is aimed at protecting the Confidentiality, Integrity and Availability of resources, data and programs. Essentially, it will:

• Define what you want to protect
• Analyze what it is you want to protect it from
• Explain how you intend to protect it

To be effective, it must be both holistic and dynamic. To be achievable, it must be realistic in its goals, and (where user conformity is required) expressed in a way that is simple and short enough to ensure it is read, understood and followed.

The overall security policy will address such areas as:

• Physical security of your data and systems
• Access control to your data and systems
• Data integrity and availability
• Contingency and recovery plans (Disaster Recovery, Fail-over, Backup Recovery)

Anti-virus issues are simply one element of such a policy – viruses are one of the risks this policy must protect against.

www.bestitdocuments.com