Business Considerations for the Framework

An organization’s collection of security policies, and therefore the entire security framework, shows its commitment to protecting information. As with security policies in general, a couple of considerations for implementing a framework are:

  • Cost—Cost of implementing and maintaining the framework
  • Impact—Impact of the controls required by the framework on employees, customers, and business processes

Creating a policy framework from the ground up takes time and effort. It’s important for management to budget for these expenses. In addition, as the number of documents in the framework grows, you may need a content management system to manage the documents. Many organizations already use Microsoft SharePoint ...

Get Security Policies and Implementation Issues, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.