Model for organizing information security documentation

Abstract

The ISD Model describes a way to organize all relevant security measures, documentation and management's point of view in order to ensure a more effective implementation of information security. The model consists of three levels. Each of these levels represent a separate group of documents used in the attempt to ensure secure information. The Information Security Policy Document (ISPD) forms the top level of the model and serves as the most important factor in encouraging the involvement of top management in the implementation of information security. The second level contains the Goal Document(s) (GD). The purpose of the document or set of documents on this level is to place the ISPD into perspective. Implementation guidelines, which include the detailed procedures and standards, are placed in the Application Guideline Document(s) (AGD) on the lowest level of the ISD Model. Examples are also included.