This book illustrates how policies and procedures support the efficient running of an organization. It points out how security documents and standards are key elements in the business process, but should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies. The authors detail how security policies support management directions, and they emphasize how information security must be integrated into all business processes. The book examines Tier 1, Tier 2, and Tier 3 policies.