The implementation of policies and standards within an organization is important for maintaining the security of information systems. Employees play a major role in the effort to create, execute, and enforce a security policy. Each company requires a different strategy and approach to its security policy, depending on the size and nature of the business.

Security Policies

An organization's security policy describes the intent of the company's management to control the behavior of its employees related to information security. A security policy is necessary to protect proprietary information within an organization. Because security policies apply to employees at all levels of a company, they should be written at a reading level that all employees can understand. Additionally, multilingual versions should be available for employees whose first language is not English. An organization's security policy should not conflict with the law.

At a high level, an enterprise information security policy (EISP) is created to support the organization's goals and mission. The EISP does not require frequent changes. Issue- and system-specific security policies also exist within the EISP. Issue-specific policies provide targeted guidance to employees related to a particular technology or event. System-specific policies provide management guidance and access control lists related to certain software or systems used by the company.

The intensity and depth of an organization's security policy depend largely on the nature of its business. A large company and a small company would require different approaches to their security policies. Also, the type of information the company deals with… middle of paper… working in a corporate environment. The Certified Information Systems Auditor (CISA) certification trains professionals in IS audit control and assurance.
The list goes on, but the bottom line is that many companies can benefit from hiring security professionals with the skills and knowledge gained through these certifications.

Every organization, large or small, should have some level of security policy to protect its proprietary information. Although the intensity and depth of an organization's security policy largely depend on the nature of its business, common guidelines that apply to all policies are mentioned in this document. One of the most important things to remember is that employees are a critical component of a successful security policy. It is the organization's responsibility to ensure that its security policy is widely disseminated and understood.