The following are reasons for using and enforcing security policies:
Protecting systems from the insider threat—The "insider threat" refers to users with authorized access. These are privileged users who would have the ability and access to wreak havoc on the system. The insider threat is probably the most significant threat to any information system. Policies help monitor authorized user activity.
Protecting information at rest and in transit—Data is generally in one of two states—data ...
Slide 49 - SecPlus
Share this highlighthttp://www.safaribooksonline.com/a/security-policies-and/18956/