Chapter 8. IT Security Policy Framework Approaches

A SECURITY POLICY FRAMEWORK is a comprehensive way of looking at information risks. You can look at security frameworks as a systematic way to identify, mitigate, and reduce these risks. The data can be at rest or moving through a process. The core objective of these frameworks is to establish a strong control mindset. A framework supports business objectives and legal obligations. It also promotes an organization's core values.

In this context, risk represents an event that could affect the achievement of these goals. For an organization to truly have control over these risks, a strong system of internal security controls must be in place. Security policies and procedures should be understood ...

Get Security Policies and Implementation Issues now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.