Policies and frameworks

Senior management must actively pursue the formation of the framework for governance for the enterprise. The absence of this framework is likely to be perceived as negligence. As management develops vision and understanding of the controls required to manage (govern) the enterprise adequately, the collection of policy documents must be developed. The rules of acceptable use and behavior for the workers must be formalized to establish the basis of control. These documents become essentially contracts or agreements between management and the employees of the company. They become somewhat legalist and potentially binding, and should include the caveat that violation of any of the policy documents, failure to comply, is sufficient ...

Get CISSP Training Kit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.