Information Systems Security and the Need for Policy
As the pervasiveness of networks create a more open set of information systems for the mobile and diverse needs of the organization, increased attention must be paid to the corresponding increase in exposure of those systems to attacks from internal and external sources. The first step to preparing the organization against these threats is the development of a systems security policy which provides instruction for the development and implementation of a security posture, as well as provides guidelines for the acceptable and expected uses of the systems. This chapter provides background support for the need for information security a sample structure that may be used to develop such a policy.
Whitman, Michael E., Anthony M. Townsend, and Robert J. Aalberts. "Information Systems Security and the Need for Policy." Information Security Management: Global Challenges in the New Millennium. Ed. Gurpreet Dhillon. Hershey PA: IGI Global, 2001. 10-20.