Welcome » IT Booklets » Information Security » Information Security Strategy » Architecture Considerations » Policies and Procedures
Policies are the primary embodiment of strategy, guiding decisions made by users, administrators, and managers and informing those individuals of their security responsibilities. Policies also specify the mechanisms through which responsibilities can be met, and provide guidance in acquiring, configuring, and auditing information systems.
Key actions that contribute to the success of a security policy are
Institutions are required to establish an information security program that meets the requirements of the 501(b) guidelines. Information security polices and procedures are some of the institution's measures and means by which the objectives of the information security program are achieved.