Watch this video on YouTube
Who is ultimately accountable for the development of an IS security policy?