Part 1 discusses the basic definition and importance of information security. Part 2 discusses strategy, methodology, and security standards, which provides the strategy and methodology, such as ISO 15408, control objectives for information and (related) technology (COBIT), operationally critical threat, asset and vulnerability evaluation (OCTAVE). In Part 3, a sample security document is provided.