An Information Technology (IT) security policy framework supports business objectives and legal obligations. It also promotes an organizations core values and defines how it identifies, manages and disposes of risk. A core objective of a security framework is to establish a strong control mindset, which creates an organization’s risk culture. When organizations implement security policies, there are pressures and trade-offs. Information technology (IT) security policies are represented in many types of policy documents, depending on the organization’s network and infrastructure needs. These differences stem from different cybersecurity risks.
Need in 500 words… no plagiarism