The Infrastructure for an IT Security Policy

Every company operates within a complex combination of laws, regulations, requirements, competitor challenges, and partner expectations as well as being affected by morale, labor relations, productivity, costs, and cash flow. Within this environment, management must develop, publish, and maintain an overall security statement and directives. From the security team’s perspective, a security program addresses these directives through policies and their supporting elements, such as standards, procedures, baselines, and guidelines. FIGURE 9-1 shows the elements of a security policy environment.

A diagram explaining the security policy environment. The environment has the overarching organizational policy and the management’s security statement. Supplanting the environment are the following. Regulations. Organization objectives. Organizational goals. Laws. Shareholders' interests.

FIGURE ...

Get Fundamentals of Information Systems Security, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial