Trends Report

Building An Effective Information Security Policy Framework

CISOs Need To Act To Realize True Business Benefit From Security Policy

October 21st, 2011
Andrew Rose


As information security has become more widely understood, the majority of organizations have built a set of supporting policies. Unfortunately, many of these are slowly drifting toward irrelevance because they have remained largely static since their creation. Policies should protect an organization, driving business benefit and regulatory compliance. But many organizations struggle to say that these policies are consistently enforced, or even widely understood, and this is of growing concern given the increasing shift toward an extended-enterprise model. Chief information security officers (CISOs) need to strike a balance: a policy framework that is effective and can evolve with changing legal, regulatory, and corporate governance requirements without becoming a significant burden on the information security team.
