When building an information security policy, it is important to note how the required security controls impact the organization and affect the business application processes. Discuss how an organizational security policy is developed and implemented in an organization. What are some of the formal roles and responsibilities required by the organization's security policy and the reporting structure?