Who should make Security Policy?

Full support of ``community'' is a must.

• site security administrator
• information technology technical staff (e.g., staff from computing center)
• administrators of large user groups within the organization (e.g., business divisions, computer science department within a university, etc.)
• incident response team
• representatives of the user groups affected by the security policy
• responsible management
• legal counsel (if appropriate)