Alignment with an established information security framework is the BEST way to facilitate the development of a comprehensive information security policy, because it provides a consistent and structured approach to define, implement, and maintain the policy across the organization. An information security framework is a set of best practices, standards, and guidelines that help to ensure the effectiveness, efficiency, and compliance of the information security policy.
References:
CISM Review Manual, 16th Edition, ISACA, 2020, p. 35: “An information security framework is a set of best practices, standards, and guidelines that provide a consistent and structured approach to information security governance.”
CISM Review Manual, 16th Edition, ISACA, 2020, p. 36: “The information security policy should be aligned with an established information security framework to ensure its effectiveness, efficiency, and compliance.”