Best practices for it infrastructure security policies discussion post

Discuss at least four (4) best practices for IT infrastructure security policies in domains other than the User Domain. Pick one domain outside the user-domain to focus on.

 Address the following topics using your own words: 

 1. IT framework selection 

 2. When to modify existing policies that belong to other organizations versus creating your own policies from scratch 

3. Policy flexibility 

4. Cohesiveness 

5. Coherency 

6. Ownership 

Explain your answers.  If using content from internet please Cite them in APA format.