The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts; also known as a security program policy, general security policy, IT security policy, high-level InfoSec policy, or simply an InfoSec policy.