What is a key control to protect systems and business information?

Establishing and communicating policies is essential for protecting systems and business information because it creates a clear framework of expectations and procedures that all employees must follow. Policies serve as guidelines for behavior, helping to minimize risks associated with data breaches, unauthorized access, and misuse of company resources. When policies are effectively communicated, employees are more likely to understand their roles in protecting sensitive information and adhere to security protocols.

Moreover, a well-defined set of policies can address various aspects of information security, including data handling, access controls, incident response, and the use of technology. This helps instill a culture of security within the organization, ensuring that everyone is aware of best practices and the importance of safeguarding business information. In contrast, choices that involve minimizing automated processes or relying solely on manual processes may increase the risk of human error and make it more difficult to enforce security measures consistently. Allowing unauthorized applications can expose the organization to vulnerabilities and increase the likelihood of security incidents.