Information Security Policies
The purpose of the information security policy is to establish an organization-wide approach to prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of organization’s data, applications, networks, and computer systems to define mechanisms that protect the organization from its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to worldwide networks. Most of the organizations worldwide already have formulated their information security policies. Having a security policy document in itself is not enough, the document must be complete. This paper examines security policies of 20 different academic organizations with standard security policy framework and attempts to answer questions such as: are these security policy documents complete? Are they fully up to date? Does the precept match the practice? These are kind of questions that are addressed in this study.