What is Information Security Policy

The evolving nature of information security threats such as cybercrime, as well as the need to ensure the confidentiality and privacy of citizen information and to protect critical infrastructure call for effective information security management in the public sector. According to Evers (2006), the FBI (Federal Bureau of Investigation) estimates that cybercrime will cost businesses an estimated $67.2 billion per year. Citizens’ privacy and the security of their personal information have become issues of increasing concern as headlines of data security breaches and identity thefts abound in the mainstream media. For example, in 2005, 9.3 million U.S. citizens, about 4.25% of the population, were victims of identity theft and fraud, costing approximately $54.4 billion (Council of Better Business & Javelin Strategy & Research, 2006). E-government applications have made it easier for citizens to conduct business online with government agencies, although their trust in the ability of governments to keep that information private is low. Considering the amount of citizen information held by governments at all levels and the steps needed to address potential homeland-security and IT-related threats to critical infrastructure, the need for effective means of safeguarding public agency data has become an issue of paramount importance. In addition, the need to ensure integrity and availability of public information resources is crucial to many government operations. As a result, several states are recognizing the importance of information security and privacy in their state IT strategic plans (National Association of State Chief Information Security Officers [NASCIO], 2006).