ABSTRACT
The cornerstone of an effective information security architecture is a well- written policy statement. This is the source from which all other directives, standards, procedures, guidelines, and other supporting documents will spring. As with any foundation, it is important to establish a strong footing. As will be discussed, a policy performs two roles: one internal and one external.
