Like its other resources (financial, physical, human), information (strategic, operational) has become an important resource for any organization. Dependence on the information system can reach 85% in organizations with more than 500 employees. In addition, in the current environment of organizations characterized by an increasing number of interconnections, information is increasingly exposed and vulnerable. Information System security has therefore become a major concern. In this context and given the importance of the challenges for the organization, the complexity of the processes, the effectiveness of the protection of the information system cannot be based on a simple juxtaposition of “ready to use” security measures. But on a global, exhaustive, systemic approach based on studying its context, determining its security needs (business, regulatory and legal obligations), analyzing the risks to which its sensitive resources are exposed, identifying of its security objectives and their implementation into security measures, the implementation of which will eliminate the risks or reduce them to a level acceptable to the organization. All of the components (challenges, security needs, threats, security rules) of this approach constitute the Information System Security Policy (PSSI). Information and information system security is becoming a major and strategic issue. This is why each organization must have an information system security policy (PSSI).