Why Do You Need a Security Policy and Training?
Who is responsible for securing an organization’s information? Perhaps the Research and Evaluation department? Not exactly. The Management Information System (MIS) staff? Wrong again. Ultimately, it is not only individual employees or departments that are responsible for the security of confidential information, but also the institution itself. It is, therefore, incumbent upon top administrators, who are charged with protecting the institution’s best interests, to ensure that an appropriate and effective security policy is developed and put into practice throughout the organization.
Policies that are neither implementable nor enforceable are useless—ten security regulations that are implemented are more effective than 110 that are ignored.