MOST ORGANIZATIONS TODAY rely on computers to conduct business. Whether in the public or private sector, the threat of information being stolen or unauthorized access is a major concern. When you reduce these types of risks to information assets, you reduce risks to the business as well. Security policies let your organization set rules to reduce risks to information assets. Management has a direct interest and role to play in ensuring these rules are followed.

You can't eliminate all business risks. In some cases, a good policy can reduce the likelihood of risk occurring or reduce its impact. The business must find a way to balance a number of competing drivers. Some of these drivers ...