Elements of a Security Policy
Names of decision making managers
Incident reporting system and response team
Risk assessment with priorities
Controls on all major access points to prevent or deter unauthorized external access
Controls within the network to ensure internal users cannot exceed their authorized access
Balance controls to control network while not stopping legitimate access
User training plan on security
Testing and updating plans