Information Systems Security and the Need for Policy
Michael E. Whitman (Kennesaw State University, USA), Anthony M. Townsend (University of Delaware, USA) and Robert J. Aalberts (University of Nevada, USA)
Copyright: © 2001
As the pervasiveness of networks create a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the development of a systems security policy which provides instruction for the development and implementation of a security posture, as well as provides guidelines for the acceptable and expected uses of the systems. This chapter provides background support for the need for information security policy, and outlines a sample structure that may be used to develop such a policy.