ABSTRACT

Developing and maintaining a set of documents that make up the information security policy set for an organization can be a significant undertaking. These documents cover the goals, objectives, and requirements for the organization’s security program, user behavior, and minimum controls for information systems and applications. Many information security policy sets in effect at organizations today lack the structure of a framework. Such policy sets suffer in organization and clarity, and are a nightmare to maintain. The benefits of a structured information security policy set based on a framework include usefulness, audit support, and maintainability. Given the benefits of using an information security policy framework on which to base an organization’s information security policy set, organizations should strive to adopt a framework for their information security policy project. There are many available frameworks upon which to build and maintain an information security policy set.