Chapter 7. How to Design, Organize, Implement, and Maintain IT Security Policies

IN CHAPTER 6, you learned about policy frameworks. A framework includes policies, standards, baselines, procedures, and guidelines. We introduced you to some widely accepted frameworks to help you develop your own library of documents. You also learned about the roles people perform to create the library.

Viewing the IT security program at the framework level gives you a macro or holistic view of the program's span. At this level, you see overarching statements about a particular security topic but few details. It's essential to establish the framework properly because it's the basis for further work on the library.

If the policy framework from Chapter 6 is at the macro ...

Get Security Policies and Implementation Issues now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.