Role in Developing Information Security Policies