A SECURITY POLICY FRAMEWORK is a comprehensive way of looking at information risks. You can look at security frameworks as a systematic way to identify, mitigate, and reduce these risks. The data can be at rest or moving through a process. The core objective of these frameworks is to establish a strong control mindset. A framework supports business objectives and legal obligations. It also promotes an organization's core values.

In this context, risk represents an event that could affect the achievement of these goals. For an organization to truly have control over these risks, a strong system of internal security controls must be in place. Security policies and procedures should be understood ...