The IT security policy is a detailed description of all current organisational, personnel-related, infrastructure-related and technical IT security specifications and safeguards for the institution. The IT security policy consists of a comprehensive collection of documents that can be allocated to different levels depending on their regulatory depth: The strategic level of the IT security policy is covered by the IT security guideline.
The conceptual level of the IT security policy is covered by a range of IT security policies, where possible specific to target groups. Examples of these are a user policy and an administrator policy.
Specific concepts are drawn up in companies and public authorities for the implementation of information security. Examples of these are:
- Encryption concept
- Data security concept
- Virus protection concept
- Network operating concept
- Audit concept
- Product and market analysis