CHAPTER

6

IT Security Policy Frameworks

AN INFORMATION TECHNOLOGY (IT) security policy framework is the foundation of an organization’s information security program. The framework consists of a library of documents. A policy framework is much more than “just” a collection of documents. Organizations use these documents to build process, determine acceptable technologies, and lay the foundation for enforcement. The security policy framework documents and their implementation express management’s view of the importance of information security.

Security policies frameworks can be large and complex, with significant impacts to the organization. Implementation requires strong management support and good planning. There are many individual ...

Get Security Policies and Implementation Issues, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.