The University of SydneyPage 18Formal IS Security–Creating organisationalstructures and processes to ensure information security, i.e. ensure confidentiality, integrity, and availability.–Organizations are entities that process information with division of labourand add value in the process.–Creating and sustaining proper responsibility structures–Maintaining integrity of the roles–Creating adequate business processes–Establishing an overarching information security strategy and policy