The University of SydneyPage 102. Administrative Decisions–Create adequate structures and processes to realiseadequate security of information–Typicallythis has been beyond the realm of traditional IS security, however, it is increasingly becoming more central to planning and organisingfor security–Organisationalstructure to handle information flows–Authority and responsibility structures–Establishing high integrity business processes–Decisions related to resource acquisition–Financing information security operations–Return on information security investments–Facilities management