The module provides an overview of concepts and standards of Information Security and Privacy Protection and discusses the requirements for the establishment and implementation of policies on information security, as well as the life cycle of information security policy. It aims to equip Government officials and civil servants with the knowledge and tools to assess existing information security policies in terms of international standards of privacy protection in order to formulate and implement information security policies, plans and programmes which fit their national contexts.