Paper

All organizations, besides being profitable, also need to set structures in place in order to achieve such a goal. As discussed in this document, the highlight will be on the legal environment at the workplace such as policies, regulations and laws as well as how these factors ensures the confidentiality, integrity, and availability of information and information systems.

Policies in general play important roles in organizations. They define a set of rules and procedures that all employees must abide by. Information security thrives to make sure that all of the organization's data are safe and secure against attacks. It sets up protocols to follow in order to achieve maximum data integrity, availability, and confidentiality. There are two types of policies that rein in an organization: government policies and organizational policies.

In information security, government policies are policies issued by federal, state, local, or tribal government and which provide a framework for government organizations to establish local policies and procedures necessary for the protection of information and technology assets (British Columbia, 2011). The second sets of policies that guide an organization are organizational policies. These are written to guide an organization's compliance with laws, regulations, and policies. Organizational security policies should fulfill many purposes such as protect people and information; set the rules for expected behavior by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and authorize the consequences of violation; define the company consensus baseline stance on security; help minimize risk; and finally help track compliance with regulations and legislation (Canavan & Diver, 2007).

The priority of both type of policies, government and organizational, is to provide a framework that helps to ensure that potential risks associated with an...