Main page


Information security policy elaboration with mind map

Information security policy as a global set of documents and measures to regulate organization activities and ensure itsí safety. This set of documents has a complicated structure and intercommunications between documents but it should be integral and actual at every time line. Mind maps should be used to manage this complication. And Mind Pad gives an opportunity to specify your map.

  • Important notice: Features and functions described on this page are for Mind Pad 2, the latest version of Mind Pad was released as a new major update (actually completely new project), so information on this page will be relevant only to Mind Pad 2, which is available for download, but is not supported.

Information security policy structure

Use Balanced Scorecard metrics designed in Excel to measure IT security performance.

First of all, you should know that there are many different approaches to create ISP. We will consider the most global variant when ISP describes all of organization activity aspects connected with providing information security.

Our ISP will consist of 4 main parts: Common Regulations, Security Standards, Organization Security and Emergency Plan.

Information security policy

Click to see big image of contact map

Common Regulations devoted to defining such things as Security Targets, Law References, Applying Borders and ISP structure.

Security Standards define Confidential Information Categorization, Statement of Responsibility, Terms and Definitions, Order of Confidential Information Using and so on.

Organization Security is the main part and consist of 3 big and complicated chapters: Application-Specific Procedures, Organizational Procedures and Security Instruments Using.

Emergency Plan consist of emergency situations defining, priority placing, prior measures, emergency arrangements and recovery plan.

All documents in ISP have an addressing property. Some docs are common for everyone, some should be

Information security policy mind map

Basic security tool

When designing security policy you will need to list security tools that will make your company secure. Consider Shred Agent as a basic tool for your security system. This is a file shredder that runs in background and wipe sensitive files as you delete them.

To get the best result you should use Mind Pad enhancement. In our ISP structure we have common documents, which should be available for all, for-user documents and administer documents. Users donít have access to administer documents. Another division of documents is regulations (with such properties as goal, access, borders and subject), standards (application area, access) and instructions (access, subject), and ISP PART (part name and description). So, we should create 4 new objects in Model Editor. Model Editor allows to create class of frame objects with new properties. In simpler words it means that you can add more properties to standard frames and use new frames on your work-space.

So, we will have such new frames:

  • regulation

  • standard

  • instruction


For regulations we will specify such category property values as application-specific procedure, organizational procedure and security instruments using.

For access property we will specify such values as: common, user and administrator.

Now we can create a mind map of ISP in Mind Pad. Central topic is default frame called ISP. Subtopics are ISP PARTS linked to ISP with names: Common Regulations, Security Standards, Organization Security and Emergency Plan. Each ISP PART connected with its regulations and standards and regulations are connected with instructions. Access property specified for each frame. That is the main scheme of ISP mind map.

As a tall structure it will looks like the map designed in Mind Pad (click to see the picture).

Of course, it is just an example, and you should elaborate this model according to your organization specific.

Information security policy support

To support ISP and keep it in an actual state we can link frames with concrete document source, for example in Microsoft Word. So, now we have an ISP specific workspace, we can see the whole structure of document set, we know all access rights to each document and we can get each document directly from the map using hyperlinks.

Such approach is very comfortable, because ISP may consist of about 100 different documents and IT security specialist must keep all this with its complicity and interconnections in his mind. For example, Organization Security-> Organizational Procedures branch may have such subtopics as Software Installation Order, Physical Access Order, Devices and Equipment Using Order, Access Regulation and so on.

Mind Pad provides all needed instruments and opportunities to create complete information security policy workspace. You also can use notes to mark documents, for example, to specify its stage of development.

Sample maps


Security policy

Information Security Policy

This is a sample of security policy map created in Mind Pad. 

Download Security Policy [11 KB]


  • For creating security policy mind map purpose, you can purchase Mind Pad with special pricing 49$. Purchase now.

Map as a text

We have generated a report for this map using Mind Pad. Here is the result:

1. Information security policy
1.1. Common Regulations
1.1.1. Security Targets
1.1.2. Law References
1.1.3. Applying Borders
1.1.4. Kate
Company  AKS-Labs
Date to contact  2004-01-01
Job title  Security team leader
1.2. Security Standards
1.2.1. Confidential Information Categorization
1.2.2. Statement of Responsibility
1.2.3. Terms and Definitions
1.2.4. Order of Confidential Information Using
1.2.5. Peter
Company  IT-Secure
Date to contact  2004-01-01
Job title  Security supervisor
1.3. Organization Security
1.3.1. Organizational Procedures Software Installation Order Instruction (administrator) - Software Installation Instruction (user) - Software Using Rules
1.3.2. Security Instruments Using Viruses Protection Order Organization of virus protection system Antivirus Software Using
1.3.3. Application-Specific Procedures
1.3.4. James
Company  AKS-Labs
Date to contact  2004-01-01
Job title  Administrator
1.4. Emergency Plan
1.4.1. Security Targets
1.4.2. Emergency Cases
1.4.3. Tim
Company  AKS-Labs
Date to contact  2004-01-01
Job title  Security admin


Evaluate Mind Pad

You can download fully-function 30-days evaluation version of Mind Pad: 

Please, visit ordering page for more information about pricing and ordering.

News and featured articles about knowledge representation. Learn about mind maps, concept maps, process maps and other visualization techniques.



Please, let us know what you think about this article:

This article was useful for me

If article was not useful then, please let us know if:

Information is wrong

Needs more information

Not what I expected


Anti-spam verification: type how much is two + three (must be digit):

Your comments:

Your name (optional)        E-mail (optional)

Made in Devoler

Copyright © 2000-2017 AKS-Labs. All rights reserved.