Length: 14 pages
For Security & Risk Professionals
January 18, 2007
Defining A High-Level Security Framework
Putting Basic Security Principles To Work
by Khalid Kark, Paul Stamp
with Jonathan Penn, Laura Koetzle, Jennifer Albornoz Mulligan

This is a document excerpt

EXECUTIVE SUMMARY

A comprehensive security framework boils down to three familiar basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of your information security program work together to secure the environment and remain consistent with your firm's business objectives. A comprehensive security framework must be based on these three components and must also ensure policy definition, enforcement, measurement, monitoring, and reporting for each one of the components. However, because defining and implementing policies alone cannot ensure security, the framework must also: 1) identify risks to confidentiality, integrity, and availability for different business functions, and 2) reduce, transfer, or accept those risks. In this document, we establish a high-level framework that you can use either as a starting point for a new security program or as a blueprint for assessing your current security program.

TABLE OF CONTENTS

- Back To The Three-Legged Stool: People, Technology, And Process
- Comprehensive Security Means Closing The Loop
- Controls Must Meet Confidentiality, Integrity, And Availability Needs
- Put Your People To Work For You
- Apply Technology Widgets
- Tame Your Processes

RECOMMENDATIONS

- Start With A Top-Down Approach

NOTES & RESOURCES

Forrester's information security framework is the result of extensive research and consulting experience in the area of security and risk management. It aligns the security principles with the realities of business and will serve as a handy tool for organizations embarking on assessing and improving their current security and risk management programs.

Related Research Documents

- Marketing Information Security (August 1, 2006, Best Practices)
- Are We Secure Yet? (March 31, 2006, Best Practices)
- Safeguarding Corporate Information (June 28, 2005, Market Overview)

Find Documents In Related Categories

This document falls under the following categories.
Analyst: Khalid Kark, Paul Stamp
Technology: Security & Risk, Security Operations, Security Program Governance
Geography: Asia Pacific, Europe, North America

Price: US $379.00
