Chapter 2. Business Drivers for Information Security Policies

MOST ORGANIZATIONS TODAY rely on computers to conduct business. Whether in the public or private sector, the threat of information being stolen or unauthorized access is a major concern. When you reduce these types of risks to information assets, you reduce risks to the business as well. Security policies let your organization set rules to reduce risks to information assets. Management has a direct interest and role to play in ensuring these rules are followed.

You can't eliminate all business risks. In some cases, a good policy can reduce the likelihood of risk occurring or reduce its impact. The business must find a way to balance a number of competing drivers. Some of these drivers ...

Get Security Policies and Implementation Issues now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.