Address the following topics as they apply to your policy:
1. Establish authorities and responsibilities for database security management.
2. Develop operational and incident management procedures when security breaches are discovered.
3. Define personnel and procedures for daily administration and maintenance of security policies.