Information Systems Security and the Need for Policy

Authors

Michael E. Whitman, Kennesaw State UniversityFollow
Anthony M. Townsend, University of DelawareFollow
Robert J. Aalberts, University of Nevada, Las Vegas

Document Type

Book Chapter

Publication Date

2001

Abstract

As the pervasiveness of networks create a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the development of a systems security policy which provides instruction for the development and implementation of a security posture, as well as provides guidelines for the acceptable and expected uses of the systems. This chapter provides background support for the need for information security a sample structure that may be used to develop such a policy.