Information Security Policy Trend as a Foundation to Protecting Information Resources

Abstract

Although many institutions have implemented technical solutions to protect information resources from adverse events, internal security breaches continue to occur. An approach that emphasizes on information security policy within the institutions is therefore required to make security part of employees’ daily work routines. In order to develop a successful information security culture within an organization, it is worth understanding both technical and non-technical aspects of information security. The purpose of this paper is to outline the strategies and management processes behind implementing a successful Security Policy. Additionally, the paper gives recommendations for the creation of a Security Awareness Program, whose main objective is to provide staff members with a better, if not much improved understanding of the issues stated in a security policy.