Document Controls
For Security & Risk Professionals
| Primary Analyst Photo | Document Information | Rate this Document |
|---|---|---|
|
January 18, 2007 Defining A High-Level Security FrameworkPutting Basic Security Principles To Workby Khalid Kark, Paul Stamp with Jonathan Penn, Laura Koetzle, Jennifer Albornoz Mulligan |
Average: 9
(4 ratings)
|
This is an excerpt
Executive Summary
A comprehensive security framework boils down to three familiar basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of your information security program work together to secure the environment and remain consistent with your firm's business objectives. A comprehensive security framework must be based on these three components and must also ensure policy definition, enforcement, measurement, monitoring, and reporting for each one of the components. However, because defining and implementing policies alone cannot ensure security, the framework must also: 1) identify risks to confidentiality, integrity, and availability for different business functions, and 2) reduce, transfer, or accept those risks. In this document, we establish a high-level framework that you can use either as a starting point for a new security program or as a blueprint for assessing your current security program.
TABLE OF CONTENTS
- Back To The Three-Legged Stool: People, Technology, And Process
- Controls Must Meet Confidentiality, Integrity, And Availability Needs
RECOMMENDATIONS
- Start With A Top-Down Approach
- Related Research Documents
This is an excerpt
Buy Risk-Free
Price: US $499
Our Service Guarantee: If you are not completely satisfied with this document, notify Forrester within 24 hours of purchase for a full refund.
Already a Forrester Client?
Log in to read this document.
