The growing use of information technology in sensitive daily transactions highlights the significance of information security to protect information assets. Vulnerabilities associated with public and private transactions pose challenges that government, private organizations, and individuals are compelled to respond to by adopting appropriate protection measures. Information security responds to the need of transacting parties for confidentiality, integrity, and availability of resources (Pfleeger, 2000). Information security is required in transactions carried out among, businesses, public administrations, and citizens. An organizational response to information security threats includes setting up and implementing appropriate policy frameworks that are typically endorsed by agreement. Beyond organizational objectives lies an emerging legal framework instigated by the role of information security as a means to safeguard information assets that are socially significant. Organizations are often required to implement information security measures mandated by industry regulations or legislation, such as in electronic banking transactions. The scope of these legal and regulatory requirements is to mitigate potential risk that entails liabilities for shareholders, employees, customers, trading partners, or other third parties involved in a transaction. Information security and its subsequent regulation are equally important for public services. In e-government services made available to citizens and businesses, information security ensures e-government transactions. The remainder of this article presents an overview of the prevailing legal and policy issues that are currently associated with information security.