Why the Organization Needs Information Security Policy and Programme

Publication Type:

Report

Source:

IT4Sec Reports, Institute of Information and Communication Technologies, Number 109, Sofia (2013)

Keywords:

adaptability, Information, Information Security, information security policy, information security programme, Organization, resources, threat, vulnerability

Abstract:

This report outlines the reasons why each organization needs to adopt an information security policy and an information security programme, emphasising the competitive advantages based on improved adaptation capabilities. First, it examines the concept of information security. On that basis, the author represents possible formulation of organizational objectives. The examination of organizational activities in a competitive context allows to formulate specific ways in which information becomes of utmost significance. The report includes examples demonstrating the need to establish an information security policy and an information security programme, including description of threats and vulnerabilities that, unless adequately managed, could decrease the organizational capabilities to achieve their goals.

Share/Save