
Administrative Data Gathering ◾ 175
© 2011 by Taylor & Francis Group, LLC
expected elements are necessary for all security controls, and not all documents
provided will be as neatly titled as the documents discussed here.
11
6.2.1.2.1 General Information Security Policies
In general, the information security policies should be well organized, documented,
approved by management, and distributed to the appropriate sta. e organiza-
tion of the security policy set can take many forms. It is suggested that the poli-
cies be organized by audience rst and subject matter second. For example, all of
the policies regarding expected behavior of employee ...