IN CHAPTER 6, you learned about policy frameworks. A framework includes policies, standards, baselines, procedures, and guidelines. We introduced you to some widely accepted frameworks to help you develop your own library of documents. You also learned about the roles people perform to create the library.

Viewing the IT security program at the framework level gives you a macro or holistic view of the program's span. At this level, you see overarching statements about a particular security topic but few details. It's essential to establish the framework properly because it's the basis for further work on the library.

If the policy framework from Chapter 6 is at the macro ...