SIBIS Homepage

Statistical Indicators
Benchmarking the Information Society
- Statistics & indicators -


<-- previous
next -->

No. 16 Information security policy in European organisations

Does your establishment have an information security policy?

Base: Establishments with online presence, weighted column percentages
Questions: D5, D6
Source: SIBIS DMS 2002

The overall majority of organisations have an information security policy. Still only half of them have a clearly structured policy. With the exception of virus infections, the number of breaches appears to be fairly low which suggests that implementing a security policy brings results. The overwhelming presence of computer virus incidents suggests that information security policies are to be considered “living documents” since they need to be constantly updated in order to tackle new risks and vulnerabilities. Although general best-practices can be applied, it is important to emphasise that the implementation of information security policies needs to be tailored to specific risk and operational objectives of an individual organisation.

<-- previous | next -->