The beginning of a sound information system security program is the development of a security policy document that will help protect the organization�s assets and reputation. Often, the policy is written and placed on the shelf to be admired, but is not implemented, enforced or maintained. Not having a security policy today is a legal liability for any corporation, but what about policies that are written, and then never enforced? This presentation explores the life-cycle and methodology for successful security policy development, implementation, maintenance, and continued enforcement. Coordination with executive management, information system users, legal counsel, and security professionals are all part of the success model. Learn specific activities that have been used in the field to establish the security policy as part of the organization�s framework for operation and how to revive or rework existing policy that has not been implemented.