The University of SydneyPage 212. Security Strategy and Policy–Determine how administrative aspects of IS security are managed–Establish a security program–Assign program management responsibilities–Set an organisation-wide computer security purpose and objectives–Establish a basis for policy compliance