Computers as well as the networking environments in which they operate have evolved into highly sophisticated and complex systems. The intricacy of these systems and especially the relationship between them forms the greatest area of vulnerabilities for organizations. (Whitman and Mattord, 2004) Information needs to be transmitted to and from the organization, and thus may be vulnerable within certain stages along the communications line. If at any stage of the process, the information is compromised, it could have a negative impact on the entire organization. Protective measures such as disaster recover plans, encryption/ decryption, and information system security controls, can minimize or prevent the negative consequences. Therefore it is vital that management of information system assets take measures to protect their critical data and information from loss damage and misuse. The process of minimizing risks associated with information security includes the compilation of a detailed and standardized information security policy. Such a policy has to address issues such as threats and possible counter measures as well as defining roles and responsibilities. The aim of this study was to assess the status of the information security policy compiled and implemented by Loreto College Msongari. During the study, the status of security of the information systems assets at the college, existence and format of the security policy as well as the commitment of the college to address security issues was measured
