Chris Hare: Policy Development. Information Security Management Handbook, 6th ed. 2007: 475-498