ABSTRACT
Information is a major asset of an organization. As with any major asset, its loss can have a negative
impact on the organization’s competitive advantage in the marketplace, a loss of market share, and
become a potential liability to shareholders or business partners. Protecting information is as critical as
protecting other organizational assets, such as plant assets (i.e., equipment and physical structures) and
intangible assets (i.e., copyrights or intellectual property). It is the information systems security officer
(ISSO) who establishes a program of information security to help ensure the protection of the
organization’s information.