The Role of Information Security Policy

The failure of organizations to implement a comprehensive and robust information security program can mean the untimely demise of some and costly setbacks for others. At the heart of information security is security policy. Without security policy there can be no security program. Without people, security policies would not exist: they would not be written, implemented, or enforced. Security policies and the adoption of standards provide many benefits, as this paper discusses. The paper further discusses how information in systems often falls under different classifications that reflect its degree of sensitivity, and how this relates to an
In the eyes of customers, failure to protect their information is a violation of trust. Responsible parties will have their reputations diminished and be held accountable for damages or loss. One kind of benchmarking is following the recommended practices of other organizations or industry standards (Conklin et al., 2012, "Security Management Models"). In this way organizations can adopt practices that are already proven to work. Federal regulations give some organizations the push they need to implement and maintain adequate information security control levels. Mandatory audits help keep these organizations "honest" and in compliance.

2.0 The Role of Employees in Policy

Security policy comes down from the top. The enterprise information security policy (EISP) is a high-level document "drafted by the chief information security officer (CISO) in consultation with the chief information officer (CIO) and other executives" (Conklin et al., 2012, "Information Security Policy"). Information security policy, however, has an effect on everyone in the organization. Policies have to be uniformly applied to be effective. If management fails to support a policy, the policy is typically ignored. Employees often try to circumvent policy, since people are generally resistant to rules and regulations that tell them what to do. The role of security education, training and awareness (SETA) is important