Talk:Information security policies

Merge
Absolutely NOT!

Perhaps this has been advocated by IT and/or Information Management professionals but for those who are not aware there is a whole and very large and comprehensive discipline out here - e.g. Security Risk Managers and Physical Security Professionals who may never be involved in IT and Information Management (these are specialist fields of expertise)but who rely upon Security Policies in the course of their work. I would even suggest that these areas arefar greater and more diverse than just Information Security!

L.Bromfield Citadel International Dubai UAE —Preceding unsigned comment added by 91.74.89.68 (talk • contribs)


 * Agree that if were to be merged, should go the other way (Information security policy is a subset of Security policies). Zodon

(talk) 09:02, 20 March 2009 (UTC)

Mike Barwise Integrated InfoSec
 * to merge or not is hardly the point. This is such a poor exposition of infosec policies that it needs a complete rewrite from the ground up. Its content, so far as it represents anything at all, merely represents the lowest common denominator of current poor quality ineffectual policy structure. Just for example, [1] "sanctions" should be "enforcement", and should include description of approaches to monitoring and enforcing both compliance and efficacy. Note that enforcement means making something happen, not just applying sanctions when it doesn't happen. Penalties are only a tiny part of enforcement (and as tiny as possible as they hardly influence behaviour at large); [2] "policy text" - the very essence of the policy - is not described at all. As it stands, this article is effectively useless. 212.159.59.5 (talk) 12:14, 1 April 2010 (UTC)


 * It seems to me, that merging this article with Information protection policy rather then with Security policy. Conceptually they are closer.

--109.86.140.223 (talk) 19:30, 1 December 2010 (UTC)