IT security policies

The IT security policy is a detailed description of all current organisational, personnel-related, infrastructure-related and technical IT security specifications and safeguards for the institution. The IT security policy consists of a comprehensive collection of documents that can be allocated to different levels depending on their regulatory depth: The strategic level of the IT security policy is covered by the IT security guideline.
The conceptual level of the IT security policy is covered by a range of IT security policies, where possible specific to target groups. Examples of these are a user policy and an administrator policy.

Specific concepts

Specific concepts are drawn up in companies and public authorities for the implementation of information security. Examples of these are:

  • Encryption concept
  • Data security concept
  • Virus protection concept
  • Network operating concept
  • Audit concept
  • Product and market analysis