Trend Report

Building An Effective Information Security Policy Framework

CISOs Need To Act To Realize True Business Benefit From Security Policy

Andrew Rose and two contributors
Oct 21, 2011

Summary

As information security has become more widely understood, the majority of organizations have built a set of supporting policies. Unfortunately, many of these are slowly drifting toward irrelevance because they have remained largely static since their creation. Policies should protect an organization, driving business benefit and regulatory compliance. But many organizations struggle to say that these policies are consistently enforced, or even widely understood, and this is of growing concern given the increasing shift toward an extended-enterprise model. Chief information security officers (CISOs) need to find the balance of an effective policy framework that can evolve with the changing legal, regulatory, and corporate governance requirements while not becoming a significant burden on the information security team.
