Definition(s)
Information Security Policy
An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
From: CNSSI 4009; NIST SP 800-53 Rev 4.
Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards