Information security should be applied to all corporate operations. Business Units are responsible for ensuring that their information assets are appropriately protected. All users have responsibility for the information security they utilize, and management must ensure that information security controls are properly implemented. Information security does not ensure security. However, the information security does provide a framework and reference point for management to implement appropriate information security controls, and is a means of raising awareness of users' responsibilities relating to information security. The potential consequences of an Information Security breach can: 1.Loss of life and injury 2.Loss of shareholder confidence 3
