What is the purpose of defining a framework for IT security policies?

Every enterprise that wants to establish an information security program faces a daunting task. There are federal and state laws, regulations, and compliance standards to be considered and adhered to, as well as technical challenges to be met (Granneman, 2015). When organizations like NIST, ISACA, and ISO define frameworks for IT security policies, they provide a blueprint that organizations can adapt and customize to fulfill their own particular requirements. These standards combine reviewed and tested research findings with industry best practices, and they help organizations create and maintain their security programs effectively and quickly, getting things right without having to reinvent the wheel or go through a trial-and-error phase.


Granneman, J. (2015, July 23). IT security frameworks and standards: Choosing the right one. Retrieved from http://searchsecurity.techtarget.com/tip/IT-security-frameworks-and-standards-Choosing-the-right-one