Thinking about who is responsible for securing an organization’s information? Perhaps the Research department? Not exactly. The Management Information System officer (MIS) staff? Wrong once more. Ultimately, it is not only individual employees or departments that are responsible for the security of confidential information, but also the institution itself. It is, therefore, incumbent upon top administrators, who have been charged with protecting the institution’s best interests, to ensure that an appropriate and effective security policy is developed and put into practice throughout the organization.