This essay discusses information security policy, focusing on information control and dissemination, for automated information systems (AISs).
Most organizations have some sort of high level information policy that addresses how and what information is to be handled by the organization. AISs have changed how information can be used. A further refinement of the high level information policy is necessary to deal with this automation and establish what is considered acceptable behavior with respect to the information.
An information security policy addresses many issues such as the following: disclosure, integrity, and availability concerns; who may ...