A Framework for Evaluation and Validation of Information Security Policy

The importance of information security for every field is increasingly recognized, the size and shape of information security policies may vary widely from organization to organization. This may depend on many factors, including the size of the organization, the sensitivity of the information they own, and the numbers and types of information and computing systems they use. A more effective concept is to develop a suite of policy documents to cover all information security bases; making a more efficient process for everyone. This paper examines the elements that need to be considered when developing and maintaining information security policy and goes on to present a design for a suite of information security policy. Many factors must be taken into accounts, which are discussed in this paper. The primary goal of this paper is to propose a new framework for information security that can provide better security over data and system. In this paper basics of information security is discussed which includes components of information security along with core principles of information security. This paper also explains various threats to the information and strategies that can be used in order to deal with such threats along with risk management. After this problem definition is explained. Then methodology used for designing the new framework for information security policy clarifies the approach. Analysis has done on information security policies of various universities and this analysis helps to design a new framework for information security. The proposed information security framework is simulated with the help of software.