CHAPTER 5

Operate Your Program

IT Risk Management Capabilities

Policies and Standards

Policies and standards may seem like boring, administrative functions, but they are the backbone of your entire program. Your program operates based on the policies, procedures, and standards you have outlined for all facets of your workforce.

Members of your IT department should follow standards for change management, configurations, new builds, and implementations. You give them the expectations upfront, and when Internal Audit or anyone else comes to check on them, they will have had the answers to the test ahead of time. As mentioned in the design sections, policies, procedures, and standards are usually derived from legal or regulatory requirements, ...
