The reality is that while a lot of the responsibility lies with the IT function to provide technological barriers, there is little guidance on how to establish a strategy for information security and corporate policies that can be easily justified to your staff, clients or explained to external regulatory bodies. Without a structured means to establish a set of policy guidelines, you cannot be confident of the security you have and you will not be able to justify your security policies.
Running a one day information security strategy workshop with your staff can help ensure that you have appropriate and effective policies in place to maximise the security of your information.