An organization’s collection of security policies, and therefore the entire security framework, shows its commitment to protecting information. As with security policies in general, a couple of considerations for implementing a framework are:
- Cost—Cost of implementing and maintaining the framework
- Impact—Impact of the controls required by the framework on employees, customers, and business processes
Creating a policy framework from the ground up takes time and effort. It’s important for management to budget for these expenses. In addition, as the number of documents in the framework grows, you may need a content management system to manage the documents. Many organizations already use Microsoft SharePoint ...