The Role of Information Security Policy

Information Security Policy

CMGT/400

January 14, 2014

Information Security Policy

There is a simple but profound truth; the company or organization that fails to implement and adhere to a cohesive, strong and comprehensive security program for the organization’s systems, information and data is one that is setting the stage for its own demise or at the least, crippling setback. The information security program begins with the information security policy. If there is no security policy and there is no security program to speak of. Security policy begins with and is for the people within the organization. Like instructions that tell computer systems how to function and execute the programs, security policy tells people how to function, and provide safe and secure environment for those systems, the information and data. Security policies and adoption of standards provide integral benefit for the success of the organization. This discussion provides a view of information within the system often is usually maintained within different classifications which reflect the degree of sensitivity of various sections of information and how that relates to the organizations criteria for their security policy.

Defining Security Policy

Simply put “policy is the essential foundation of an effective security program” as well as “the centrality of information security policies to virtually everything that happens in the information security field is increasingly evident” (Conklin et al (2012). “Information Security Policy”). Webopedia.com continues by further describing security policy this way “a document that outlines the rules, laws, and practices for computer network access” (2013, “Security Policy”). The policy describes precisely how an organization is to manage, maintain, protect and monitor the use and appropriate application of critical and sensitive information. The security policy also...