What is an Information Security Policy? - Definition & Types

Instructor: David Delony

David is a freelance writer specializing in technology. He holds a BA in communication.

In this lesson, you'll learn what an information security policy is and the different shapes that information security policies can take. You'll see how the different types of policies can interact.

What Is An Information Security Policy?

With all of the security leaks that have been in the news recently, information security has become important to many organizations, from schools to medical practices to business. Information security means protecting important information from people who aren't authorized to access it. An information security policy is a way for an organization to define how information is protected and the consequences for violating rules for maintaining access to information.

Regulatory Information Security Policies

While information security policies can be created by individual organizations, many times they are enforced by law, or as regulatory information security policies.

In the United States the healthcare sector is governed by HIPAA, or the Health Insurance Portability and Accountability Act. This part of the law sets strict guidelines for keeping patient information private, with penalties for disclosing information about patients being treated, mainly their health records.

For example, a receptionist mentioning the details of a patient's case to someone over the phone who isn't the patient, would be considered in violation of HIPAA if the patient hadn't authorized it, even if it was a relative. HIPAA also governs things like retaining records and shredding confidential information.

Administrative Information Security Policies

Apart from regulatory requirements, organizations can set their own policies for information security based on their needs, or administrative information security policies.

Alice is an administrator at XYZ University and is in charge of setting the university's information security policy.

One of the first things she'll do is make a risk assessment. This means that she'll have to decide what information is safe for general use and what information must be kept secret.

The faculty directory is an example of something that can be freely released. Students have to get in touch with their professors, and academics routinely collaborate on research with colleagues around the world, so it's important that their contact information be easily accessible.

Even with the general openness that universities offer, they still have to keep some information strictly private. The medical school runs some clinical trials, and they have to keep the identities of the participants strictly confidential, or it could jeopardize the integrity of the trial if the names of patients were leaked.

The clinical trial also runs into the previously mentioned HIPAA law, as this covers clinical drug trials in the U.S. as well. Administrative and regulatory policies can converge, as administrative policies are a way to enforce laws that govern a particular industry.

Technological Measures

Technological security measures are what most people think of when they think of information security.

To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account