“…One increasingly important mechanism for protecting corporate information, and in so doing helping to safeguard organizational knowledge assets, is through the formulation and application of a formal information security policy [Hinde, 2002;von Solms & von Solms, 2004]. The broad consensus within the literature is that the information security is a high level document, which defines the organizations' goals, intentions and priorities, with respect to the management of information security, as well as highlighting the roles, rights and responsibilities of individual members of staff, with respect to the attainment of the security objectives [Hong et al, 2006;Hone & Eloff 2002a]. Given their perceived importance, it is not surprising that there is already an established literature, with respect to the importance and role of the policy, as well as approaches to its formulation and dissemination.…”