Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups of people inside and, in some cases, outside the organization. For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail would need to be read by every person with access to electronic mail. A more specific security policy, such as the Incident Response Policy defining how the organization will respond to a security incident, may only need to be read by a select group of people within the information security and information technology groups. In another example, a Third-Party Security Policy that defines the requirements for access to company systems from external parties would need to be read and acknowledged by these parties before access is approved.