In the wake of integrated and interconnected information systems and increasing threats, protecting information assets are of paramount importance. The ISO 17799 standard stipulates ten domains of information systems security controls. Among these controls is the information systems security policy. This paper looks at the need for protecting information assets, the role of information security policy and outlines qualities of an effective information systems security policy.