CHAPTER

6

IT Security Policy Frameworks

AN INFORMATION TECHNOLOGY (IT) security policy framework is the foundation of an organization’s information security program. The framework consists of a library of documents. A policy framework is much more than “just” a collection of documents. Organizations use these documents to build process, determine acceptable technologies, and lay the foundation for enforcement. The security policy framework documents and their implementation express management’s view of the importance of information security.

Security policies frameworks can be large and complex, with significant impacts to the organization. Implementation requires strong management support and good planning. There are many individual ...

Get Security Policies and Implementation Issues, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.