All documents are in PDF 1.4 format, compatible with Adobe Reader 5.0 and higher
What Makes a Good Policy?
A framework is needed to coordinate corporate security policy development – a generic tree structure can be one of the most effective.
Preventing Policy breaches
Security policies will never be effective while they fail to mesh with business processes. The two must be closely integrated so that policy objectives cease to be viewed as externalities.
Depends What You Mean by Policies
Security policies should specify what you are trying to achieve, not blow by blow how – that's what procedures are for. But policies must explain why and define KPIs as well.