Policies function like laws in an organization because they dictate acceptable and unacceptable behavior there, as well as the penalties for failure to comply. Like laws, policies define what is right and wrong, the penalties for violating policy, and the appeal process. Standards on the other hand, are more detailed statements of what must be done to comply with policy. They have the same requirements for compliance as policies.
What key factor(s) DO YOU recommend including within an organizations operations security policies? Why ?