Establish Policies, Plans, and Procedures: Compliance Driven Security

Provided by: National Institute of Standards and Technology
Topic: Security
Format: PDF
In this paper, the authors explain about compliance driven security. It illustrates how a well-structured security governance program with fully developed and implemented policies, plans, and procedures applied in a risk-based approach strengthens an organization's security posture and encourages a cost effective use of resources. The objective of information security programs is to reduce risk to critical data and information systems. They measure the criticality of data by the adverse impact to an organization or its mission that would result from the loss or degradation of their data's confidentiality, integrity, or availability.

Find By Topic