Information Security Policy

Eric Barthelmy
CMGT/400
04/15/2013
Jude Bowman

Information Security Policy
Information security policies are an essential part of any organization to protect vital data and streamline business processes. Policy development, which includes creating policies, standards, and practices, is the primary reason for success in any information security program (Whitman & Mattord, 2010). Employees and other people within the organization play a major role in this process, as well as in other aspects of the information security policy. Information security policies are designed to express the will of the organization by controlling the behavior of its employees (Whitman & Mattord, 2010). Also, breaking down security into multiple levels helps to close any gaps that may exist, which promotes a higher degree of security. All of the components of an information security policy must work together in a cohesive manner, but it all begins with developing appropriate policies.
Policies, Standards, and Practices
Policies are created to dictate acceptable and unacceptable behavior, which is carried out with the use of standards and practices. With the use of policies, standards, and practices, an organization is able to establish a complete set of secure boundaries designed to protect vital information while promoting productivity (Whitman & Mattord, 2010). These represent the core fundamentals of any information security program. In general, policies represent formal statements regarding securing information, standards are detailed statements that depict policy statements, and practices represent courses of action employees are expected to follow (Whitman & Mattord, 2010). Essentially, policies drive standards, which in turn drive practices. This type of breakdown is designed to simplify security policies for everyone in the organization, making it much easier for employees to understand and follow the guidelines.

Employee Role...