Abstract
M.Sc. (Informatics)
A need has been identified for guidelines to Top Management on the
implementation of an Information Security Policy and its associated
documentation. In this dissertation, the Model for Information Security
Documentation (ISD-model) for the organisation and content of
documentation on information security is proposed. The proposed
model is divided into three distinct levels respectively containing the
Information Security Policy Document, the Goal Documents and the
Application Guideline Documents. A document is placed on the different
levels of the ISD-model according to the amount of detailed information
it contains and the management level mainly concerned with that
document. Guidelines are given regarding the content and format of
each of the levels. Particular emphasis is laid on the Information
Security Policy Document, which is the highest level, and a number of
existing Information Security Policy Documents are evaluated according
to the guidelines given for the ISD-model. Finally, a comparison is made
between C. C. Wood's guidelines on Information Security Policies and
those given for the ISD-model.