Sage Advice - Cybersecurity Blog

Before cybersecurity became a standard part of our lexicon, the practice of keeping information and data safe was simply known as information security. Although the two terms are still used interchangeably, there is a definite distinction between the two, which provides context and explains the evolution this discipline has recognized over the past two decades. This paradigm provides perspective and instruction for when your organization starts to build and implement a cybersecurity program today.

Regardless of whether a policy is based on guiding principles or regulatory requirements, its success depends in large part upon how the organization approaches the tasks of policy development, publication, adoption, and review. This process is collectively referred to as the policy lifecycle. The responsibilities associated with the policy lifecycle processes are distributed throughout an organization. Organizations that understand the lifecycle and take a structured approach will have a much better chance of success with their cybersecurity practices. Let’s breakdown the Information Security Policy (ISP) lifecycle into further detail.

The role of policy is to codify guiding principles, shape and require behavior, provide guidance to those who are tasked with making present and future decisions, and serve as an implementation roadmap. An information security policy (ISP) is a directive that:

We see news of devastating cyberattacks every day in private and public organizations of all sizes. From phishing attempts, to business email compromises, to full-blown ransomware attacks, any device that’s connected to the internet is at risk for an attack.