 |
Statistical Indicators |
|
| <-- previous | ||
| No. 16 Information security policy in European organisations | ||
Does your establishment have an information security policy? |
||
 |
||
Base: Establishments with online presence, weighted column percentages Questions: D5, D6 Source: SIBIS DMS 2002 |
||
| The overall majority of organisations have an information security policy. Still only half of them have a clearly structured policy. With the exception of virus infections, the number of breaches appears to be fairly low which suggests that implementing a security policy brings results. The overwhelming presence of computer virus incidents suggests that information security policies are to be considered “living documents” since they need to be constantly updated in order to tackle new risks and vulnerabilities. Although general best-practices can be applied, it is important to emphasise that the implementation of information security policies needs to be tailored to specific risk and operational objectives of an individual organisation. | ||