Organisations exist in an ever changing technological world and to ensure they can continue to operate in this environment and do business they must be aware of security issues and take the appropriate measures that protect key assets, i.e.:-
- Business and the infrastructure to support the business
- Information and services
Security attacks are increasing all the time and it is important that systems and information can be protected against these threats. The first step in achieving this is to document the rules around system configuration and system use. By complying with these written guidelines management can be sure they are doing everything they can to protect both systems and people from a security threat.
It is important to remember that the policies protect staff just as much as they do the organisation. Policies are the first very important step in managing IT system security.