Who should be involved in the development of a security policy?
Developing a security policy requires the active support and ongoing participation of individuals from multiple ranks and functional units within the organisation. A working group or task force can be formed to develop the policy. In general, this group can include empowered representatives from senior management, technical personnel, operational personnel, and business users. Senior management represents the interests of the organisation’s goals and objectives, and can provide the overall guidance, assessment and decision-making. Technical personnel can provide technical input and feasibility assessments for various security mechanisms or aspects of technology. Business users represent the users of related systems who may be directly affected by the policy. Sometimes, a third party consultant may need to be involved, to review the draft security policy.
