vii
Introduction
Operational necessity dictates the majority of actions taken by an IT
department. Both documented and undocumented policies and pro-
cedures are developed to support the performance of actions dictated
by such operational necessity. However, these are not the only reasons
for policy development. Informational resources must be protected
from unauthorized access. A fully developed information security
program with documented security policies and procedures provides
the structure and guidance needed to help ensure the protection of
informational resources.
To summarize, we can say that an information security policy is
written to protect the organization’s data and dene management’s
strategy for securing