Managing information security through policy definition: organizational implications