Security Policy frameworks: practices, and procedures, business practice disclosures. Policy authority and practices, information security practices, personal and physical security practices, operation management practices, PKIs and key management schemes, key generation, key storage, backup, recovery and distribution, XML frameworks for security policy specification, certificate management life cycle. Output measurement approaches, benchmarking, function points as measurement, estimation of software reliability, software metrics, software auditing, merits and auditing in outsourcing, SE1 & ISO based measurement, merits, CMM and P-CMM, Auditing Standards & groups, Audit Methods & Tools.