The Role of Information Security Policy Essay

The implementation of policies and standards within an organization is important to maintaining information systems security. Employees within an organization play a huge role in the effort to create, execute, and enforce a security policy. Every business requires a different strategy and approach to its security policy, depending on its size and the nature of its business.

Security Policies

An organization's security policy describes management's intent to control the behavior of its employees in relation to information security. A security policy is necessary to protect proprietary information within a company. Because security policies apply to employees at all levels in a company, they should be written at a reading level that…

Role of Employees

Another thing to note when developing a security program is the composition of the team that is in charge of determining said policy. Employees are a critical component of a successful security policy. Employees must fully understand the policy as well as have the motivation and accountability to adhere to it. Executive-level employees are responsible for creating an awareness of why security policy is important. This leads to organizational buy-in, which is an essential tool for the organization to control the behavior of its employees. The Chief Information Security Officer (CISO) is responsible for technical strategy and for policy creation and enforcement. Both technical and non-technical employees should be involved. Corporate-level executives should have some say in the policy, but should rely heavily on the information security team. Legal teams should also be involved in the creation of and changes to the policy in order to ensure that all policies and procedures could hold up in court if ever needed. Non-managerial employees are often involved when creating and changing policies. If the company feels the creation process involves all levels of employees, there will be greater buy-in and more success.

Training and Implementation

Because employees are a determining factor for the success of an organization's security policy, the training and implementation of the policy are