3

INFORMATION SECURITY POLICY FRAMEWORK

Developing and maintaining a set of documents that make up the information security policy set (e.g., policy, standards, guidelines, and procedures) for an organization can be a significant undertaking. These documents cover the goals, objectives, and requirements for the organization’s security program, user behavior, and minimum controls for information systems and applications. To say such a document set results in a large set of policy statements is an understatement.

To provide some structure to this process, it is imperative that the author or project leader of the information security policy set adopts a framework to guide the development and ensure proper coverage. A framework is simply the basic ...

Get Information Security Policies, Procedures, and Standards now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.