BUSINESS NEEDSInformation security performs four main functions for an organization.1. Protects the ability of organization to function.2. Enables safe operation of applications implemented on organization’s its IT systems.3. Protects data which the organization collects and uses.4. Safeguards technology assets in use at the organizationBoth general management and IT management responsible for implementing information security which protects the organization’s ability to function. Information security is management issue and people issue both as they perceive it to be a technically complex task; actually implementing information security has much to do with management than with technology.Each and every organization should address information security in the terms of business impact and cost instead of focusing on security as a technical problem.Enabling the Safe Operation of ApplicationsModern organization is required s to create an environment which safeguard applications by using the organization’s IT systems. Like operating system (Windows/Unix/Linux etc.,), electronic mail, and instant messaging (IM) applications. Management should continue to oversee infrastructure once in place—not defer to IT department.Protecting Data that Organizations Collect and UseWithout data, an organization loses the record of transactions and ability to deliver value to customers. Both protecting data in motion and data at rest are significant aspects of information security. Safeguarding Technology Assets in OrganizationsTo perform effectively, organizations should posses secure infrastructure services based on size and scope of enterprise. For example, a small business can get by using an e- mail service provided by an ISP and augmented with the personal encryption tool. Additional security services may be required as organization expands. For instance, organizational growth could lead to the requirement of public key infrastructure (PKI), an integrated system of software, legal agreements and encryption methodologies which can be used to support entire information infrastructure of an organization. More robust solutions may be required to replace security programs the organization has outgrown.