After
risks are identified and responsibilities for managing them are assigned, the policy’s outline should be generated with those risks in mind
The
security policy should explain clearly to users:
nWhat
they can and cannot do
nHow these measures protect the network’s security