ABSTRACT

An information security policy set is necessary to define the goals and objectives of the information security program. Many corporations lack a basic, up-to-date set of information security policies. The 2013 PwC Global State of Information Security Survey gives further detail on the security policy elements missing from organizations worldwide. The survey found that over half of all organizations lacked key security policy elements such as user administration and physical security. Organizations can vastly improve their security posture by creating or revising a set of information security policies that identifies and implements the organization’s information security objectives. When creating or revising an information security policy set, it is important to remember that top management involvement in the security program and the creation of information security policies go hand in hand. Unfortunately, not all information security programs are developed using the top-down security approach.