From the course: Writing Security Policies and Standards


Mapping policies to governance frameworks

How do you know if your organization has the right security policies to protect data and manage risks effectively? A reliable way to ensure your organization has proper policy coverage is to map your policies against a governance framework like ISO 27001, HIPAA, or PCI DSS. This mapping is crucial if your organization needs to comply with one or more of these frameworks. But even if compliance isn't required, leveraging one of these frameworks provides a structured approach to building your policy architecture.

For instance, consider the ISO 27001 framework for mapping your organization's policies. ISO 27001 is an international standard used by many organizations to build robust security programs and manage risk effectively. Its controls are organized into 15 operational capabilities: Governance, Asset Management, Information Protection, Human Resource Security, Physical Security, System and Network Security, Application Security, Secure Configuration, Identity and Access Management…
