The University of SydneyPage 27Information Security Policy–Issue-specific & System-specific Policies•Address specific areas of concerns(Remote Access, Wireless security, etc.)•Compliance policies•Technical infrastructure baselines–Numerous IS security problems have been attributed to the lack of a security policy–Possible vulnerabilities related to security policies occurs at three levels–policy development –policy implementation–policy reinterpretation