5315    ORGANIZING INFORMATION SECURITY
(Revised 10/09)

Agency executive management must be visibly committed to information security and the practice of risk management. Risk management must be based upon an appropriate division of responsibility among management, technical, and program staff, with written documentation of specific responsibilities. Agency security policies and procedures must be fully documented, and agency staff must be knowledgeable about those policies and procedures. This section identifies the framework management establishes for the implementation of information security. See SAM Section 5360 for Filing requirements.

AUTHORITY          STANDARDS          GUIDANCE          FORMS          TOOLS