CHAPTER 8

IT Security Policy Framework Approaches

An information technology (IT) security policy framework supports business objectives and legal obligations. It also promotes an organization’s core values. It defines how an organization identifies, manages, and disposes of risk. A core objective of a security framework is to establish a strong control mindset, which creates an organization’s risk culture.

So selecting the right information security framework is important. There are a variety of frameworks in industry to choose from. A number of these are industry specific. Others offer a comprehensive view of IT that cuts across all industries. Which one is right for your organization will depend on the organization’s needs, the employees’ ...
