3 INFORMATION SECURITY FRAMEWORK
The purpose of establishing an information security framework is to ensure that appropriate control mechanisms are in place to effectively manage information assurance across the enterprise.
This chapter covers the basic principles for establishing such a framework within an organisation and looks at the general area of information security management. In particular, we consider the role and use of policy, standards and procedures, information assurance governance, security incident management and their appropriate implementation.
ORGANISATIONS AND RESPONSIBILITIES
Learning outcomes
The aim of this section is to provide the reader with the basic knowledge needed to understand the principles for organising information ...
Get Information Security Management Principles - Second edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
