Promoting Security Policy Longevity

With more public exposure than ever before of data security breaches, an Information System Security has become imperative to lay the foundation of security requirements for computing and network environments for legal reasons, to meet security standards or regulatory requirements, and to mitigate damage to an organization's reputation. This paper examines what is necessary to plan for Information Systems Security Policy, and proposes a methodology that focuses on promoting the longevity of the policy by establishing a life-cycle of revision and involvement of the team of contributors.