The purpose of information security is to protect information assets. It also prevents unauthorized disclosure, disruption, access, use, modification and information assets. Generally, there are three principles of Information security which can be defined as “CIA”. The terms indicate as confidentiality (C), integrity (I), and availability (A).
Any organisation required the information security polices :
(1) to define the requirement of an organization’s employees from a security perspective;
(2) reflect the risk appetite of an organization’s management and should reflect the managerial mindset when it comes to security;
(3) to provide direction upon which a control framework can be built to secure the organization against external and internal threats;
(4) as mechanism to support an organization’s legal and ethical responsibilities ;and
(5) as mechanism to hold individuals accountable for compliance with expected behaviors with regard to information security