Chapter 6. IT Security Policy Frameworks

AN INFORMATION TECHNOLOGY (IT) security policy framework is the foundation of an organization's information security program. The framework consists of a library of documents. Organizations can use the framework to help build processes and acquire technology to enforce policies. The framework is also useful for putting security personnel in place to operate and maintain the program.

Organizations cannot afford to be reactive or operate in an ad-hoc fashion regarding information security. There's increased accountability and liability with regulations. There's increase demand from senior leadership to demonstrate value. There's a push and drive from security professionals to measure success. However, before ...

Get Security Policies and Implementation Issues now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.