ABSTRACT
Setting the foundation is obtained by first documenting the security policies and procedures necessary to ensure adequate and cost-effective organizational and system security controls are implemented, across the enterprise. A sound policy delineates the security management structure and clearly assigns security responsibilities, and lays the foundation necessary to reliably measure progress and compliance. A good policy is a document that defines the security management structure and clearly assigns security responsibilities and authority by laying the foundation necessary to reliably measure progress and compliance.
