A general rule is to establish a policy that will be effective for a maximum of five years yet remain current. How can you write a policy to achieve this goal without the policy becoming out of date?
The Chief Security Officer (CSO) must set constraints, rules, penalties, and enforcement for security policies. How will this be accomplished in your selected organization?