The Role of Information Security Policy
The success of an information security program is determined by how the organization's security policy is developed, implemented, and maintained. An effective, sound security policy creates a solid foundation for an information system. Policy makers must emphasize that information security plays a role of paramount importance within the organization. The system administrator is responsible for setting employees' roles, authenticating the identities of employees, setting access levels, logging security-relevant transactions, initiating awareness efforts, and ensuring that the information security objectives are met. In addition, the organization's security policy must reduce risks to the system, comply with laws and regulations, ensure essential content and operational continuity as well as information integrity, and maintain confidentiality.
The importance of policies and standards for maintaining information systems security
The security goals and policies of an organization are best implemented by the organization's management through their ability to create an effective work environment for the employees. Information security policies are often the most difficult to implement, yet they are the least expensive means of control. Whitman (2011) referenced Charles C. Wood, who stated that “Policies are important reference documents for internal audits and resolution of legal disputes about an organization’s management’s due diligence. Policy documents can act as a clear statement of management’s intent.” An organization's security policy must set strategic goals and direction for security efforts by assigning responsibilities, practices, and objectives to end users. A security policy specifies the development, implementation, and management requirements. It provides targeted