Who should be involved in development of a Security Policy ?
Developing a Security Policy requires an active support and ongoing participation of individuals from multiple ranks and functional units. You can form a working group or task force to develop the Policy. But the exact group of personnel required depends on your organization’s requirements. In general, this group may include empowered representatives from management, technical personnel, system developers, operational personnel, officers or users. Management represents the interests of the organization’s goals and objectives, and can provide the overall guidance, assessment and decision making. Technical personnel can provide technical support for various security mechanisms or technological aspects. Users represent the users of related systems who may be directly affected by the Policy. Sometimes, a third party may get involved to review the Policy drafted.
