| Abstract [eng] |
THE FORMATION OF INFORMATION SECURITY POLICY IN A MODERN ORGANIZATION SUMMARY The main object of work – creation of information security policy, in modern organization. The main purpose of this work – to analyze and in the end of this work give recomendations, that wuold be useful and wil help organization to know better what is security policy and implement this policy in organizaton. Main tasks, determined in the final work are: determinate conception of information security policy, to explore the main stages of security policy creation; review and introduce internationals standarts and formats which are available on market, to familiaraise with most imoportan steps of security strategy and documentaition; determinate main organization maturity models, which are used in security threats analysis. To analize, what size investition are allocated to secure company’s information; to explore that situation is in Lithuanian market, which security metodics and products are available for Lithuanian organization. Successful implementation of security policy in organization depends, from that, how organization will perceive security importance, how they will identify most important information resources, and forecast how this new policy will impact business activity. Also very important is not to make mistakes, choosing methodic ant technologies, which would be adequate to organizations activity. According to the analysis of security methodic and most important security policy steps, is easier to asses the main problems in security process, and to identify reasons which may make security policy inefficient. Successful implementation of security policy, employees training, good manager’s security understanding will help to avoid many problems. This work is systematized information about main security policy steps and process, most popular standards, occurring problems ant recommendations how to avoid them. So this work, can be used as a broad – brush and structures theoretical tool, about mains security process. It can be useful, to everyone who is interested in information security. |
