Question

What constitutes a security policy framework? Discuss the elements of this summary, what elements are essential, and which elements could be optional. It is imperative that the summary should have a professional look and should be precise.

Answer 1

Security policy framework consists of the policies for security for different organisational components like physical security, systems safety, roles and responsibilities of the stakeholders including employees, standards for compliance , procedures to follow for implementation of security policy framework and training of the team members and employees.

Security framework policy includes defining its scope by including the different parts covered through the security policy. The organisational components include the access to the premises, identification of employees, maintaining control over entry and exit, safety of employees. The systems part covered through systems policy framework include the software and hardware of the business to avoid any risk or harm and measures to be taken for maintaining control and safety. The standards to be followed for such safety measures are also necessary to be defined so that they can be reviewed for their effectiveness. The procedures in implementation of security policy help stakeholders and employees to implement the security policy. Roles and responsibilities of the team members is optional to be defined in security policy framework as it can develop as per the need and different issues faced by the organisation for security of its systems and assets. Training of employees is also optional as the security monitoring, control and implementation can be outsourced to a third party based on their capabilities and experience with proper agreement and goals defined. It can release the important resources and can involve impartial review of the organisational security shared with different stakeholders.