For Security & Risk Professionals (Length: 14 pages)

January 18, 2007

Defining A High-Level Security Framework

Putting Basic Security Principles To Work

by Khalid Kark, Paul Stamp

with Jonathan Penn, Laura Koetzle, Jennifer Albornoz Mulligan

Executive Summary (This is a document excerpt)

A comprehensive security framework boils down to three familiar basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of your information security program work together to secure the environment and remain consistent with your firm's business objectives. A comprehensive security framework must be based on these three components and must also ensure policy definition, enforcement, measurement, monitoring, and reporting for each one of the components. However, because defining and implementing policies alone cannot ensure security, the framework must also: 1) identify risks to confidentiality, integrity, and availability for different business functions, and 2) reduce, transfer, or accept those risks. In this document, we establish a high-level framework that you can use either as a starting point for a new security program or as a blueprint for assessing your current security program.


TABLE OF CONTENTS

Back To The Three-Legged Stool: People, Technology, And Process

Comprehensive Security Means Closing The Loop

Controls Must Meet Confidentiality, Integrity, And Availability Needs

Put Your People To Work For You

Apply Technology Widgets

Tame Your Processes

Recommendations

Start With A Top-Down Approach

NOTES & RESOURCES

Forrester's information security framework is the result of extensive research and consulting experience in the area of security and risk management. It aligns the security principles with the realities of business and will serve as a handy tool for organizations embarking on assessing and improving their current security and risk management programs.

Related Research Documents

Marketing Information Security

August 1, 2006, Best Practices

Are We Secure Yet?

March 31, 2006, Best Practices

Safeguarding Corporate Information

June 28, 2005, Market Overview

This document falls under the following categories.
Analyst: Khalid Kark
Technology: Security & Risk, Security Operations, Security Program Governance
Geography: Asia Pacific, Europe, North America
