Selling an Information Security Policy Network attacks continue to increase. It is crucial that the organization has an effective information security policy in place in order to reduce the chances of becoming a victim. In 2013, experts found network attacks of up to 50 Gbps, which cost businesses an average of $32,469 per day. The average number of days to recovery was 32 days, resulting in costs of up to $1,035,769 per attack. So far, 2014 network attacks have shattered the 2013 record with attacks averaging 200-400 Gbps in intensity. These figures are quite alarming when you consider that this is an estimate or average for a single attack. It is important to remember when dealing with information security that there are many types of attacks and threats such as viruses, worms, malware and spam. These attacks attack both networks and systems, disrupting operations as well as reducing productivity. Some types of threats can go undetected for a long time, such as in the case of data theft. When faced with data theft, it can be difficult, if not impossible, to assign a dollar amount to the extent of the damage caused. Data theft is a real threat to the functionality and existence of the company. Data theft can result in costly legal fees and compromise your company's reputation. An effective information security policy is critical to reducing damage and costs if your organization is attacked. The information security policy contains several sections including an overview, purpose, scope, target audience and policies. The overview and purpose of the policy is contained in the information security policy introduction. Not only does it provide background information on the issues the policy addresses, but… half of the document… policy guidance: why you need it, what it should convey, and how to implement it. Retrieved from http://www.instantsecuritypolicy.com/Introduction_To_Security_policies.pdfProlexic. (2013, July 17). According to Prolexic's latest DDOS attack report, the average rate of packets per second and bandwidth of attacks increases by 1,655% and 925%, respectively. Retrieved from http://www.prolexic.com/news-events-pr-significant-increases-in-average-attack-bandwith-and-packet-per-second-rates-q2-2013-report.htmlSmith. (2013, October 9). [Web log message]. Retrieved from http://www.networkworld.com/community/blog/most-costly-cybercrime-attacks-denial-service-malicious-insider-and-web-basedThe SANS Institute. (2009, January 26). The business justification for data security. Retrieved from https://www.sans.org/reading-room/whitepapers/dlp/business-justification-data-security-33033