Every organization, in addition to be profitable, also requires constituting in a way that could help it in achieving its organizational goals. In this document, the main focus will be on the workplace's legal environment such as laws, regulations, and policies, and also the integrity, confidentiality, and accessibility of simple information as well as the information systems that are associated with these factors of legal environment.
Generally, policies play vital roles in an organization. They define a wide variety of procedures and rules that are required to be followed by the employees and they are not allowed to act against such policies. The information security ensures that overall data available to an organization is secure and safe against attacks. It sets protocols for achieving the maximum possible integrity, confidentiality, and availability of the data. There are two sorts of different policies that are workable in an organization and that are: governmental policies that are issued by federal, state, tribal government and organizational policies that are issued by top management and are made for employee's guidance, for the protection of employees and of their information (British Columbia, 2011).
The rationale behind making such security policies in an organization is to fulfill several purposes, for instance, setting the rules for accepted behaviors by system, users, security personnel, management, and administrators; monitoring and investigating security personnel; defining the violation's consequences; defining the organizational consensus on security; assisting in risk minimization; and helping in being compliance by the organizational legislations and regulations (Canavan & Diver, 2007). Thus, both the policies in an organization provide an agenda that ensures the minimization or even the elimination of the potential risks. All the policies of an organization must be clearly understood by each employee and it is the responsibility of the organization to be sure that all of its policies are well-practiced by all employees.
The policies of Information Security are crucial as they help in risk reduction that is linked by the employee's uses of information resources of the company, as they use the information both by acceptable and unacceptable means. As per the Danchev of Windows Security, the initiating step towards enhancing the security of the company is the introduction of an enforceable policy regarding security, informing staff about several perspectives of their responsibilities, common utilization of company resources and providing explanations that how the susceptible information is needed to ...