The book illustrates how policies and procedures support the efficient running of an organization. This volume points out how security documents and standards are key elements in the business process, but should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements; they are elements that aid in the execution of management policies. This treatment details how security policies support management's directions. The authors emphasize how information security must be integrated into all business processes. They examine Tier 1, Tier 2, and Tier 3 policies.