Abstract
Although many institutions have implemented
technical solutions to protect information resources from adverse
events, internal security breaches continue to occur. An
approach that emphasizes on information security policy within
the institutions is therefore required to make security part of
employees’ daily work routines. In order to develop a successful
information security culture within an organization, it is worth
understanding both technical and non-technical aspects of
information security. The purpose of this paper is to outline the
strategies and management processes behind implementing a
successful Security Policy. Additionally, the paper gives
recommendations for the creation of a Security Awareness
Program, whose main objective is to provide staff members with
a better, if not much improved understanding of the issues stated
in a security policy.