Chapter 6. IT Security Policy Frameworks

AN INFORMATION TECHNOLOGY (IT) security policy framework is the foundation of an organization's information security program. The framework consists of a library of documents. Organizations can use the framework to help build processes and acquire technology to enforce policies. The framework is also useful for putting security personnel in place to operate and maintain the program.

Organizations cannot afford to be reactive or operate in an ad-hoc fashion regarding information security. There's increased accountability and liability with regulations. There's increase demand from senior leadership to demonstrate value. There's a push and drive from security professionals to measure success. However, before ...

Get Security Policies and Implementation Issues now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.