CHAPTER 11

Frameworks, Policies, Controls, and Procedures

In this chapter you will learn:

•  Common information security management frameworks

•  Common policies and procedures

•  Considerations in choosing controls

•  How to verify and validate compliance

Innovation and best practices can be sown throughout an organization—but only when they fall on fertile ground.

—Marcus Buckingham

Security Frameworks

A security program is a framework made up of many entities: logical, administrative, and physical protection mechanisms, procedures, business processes, and people, all working together to provide a level of protection for an environment. Each has an important place in the framework, and if one is missing or incomplete, the whole framework ...

Get CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-001) now with the O’Reilly learning platform.
