Operations Security Discussion4

I don’t know how to handle this Computer Science question and need guidance.

An information technology (IT) security policy framework is the foundation of an organization’s information security program. Organizations use these documents to build process, determine acceptable technologies, and lay the foundation for enforcement. The security policy framework documents and their implementation express management’s view of the importance of information security.

  • Describe the role of a policy framework in an information security program
  • Describe the different types of policies used to document a security program
  • What business factor(s) do YOU think should be considered when building an organizational IT security policy framework? Explain
  • What is the difference between risk tolerance vs risk appetite?

To participate in the Discussion, respond to the Discussion prompt by Day 3. Then, read a selection of your colleagues’ postings. Finally, respond to at least two classmates in one or more of the following ways:

• Share an insight from having read your colleague’s posting.
• Offer and support an opinion.
• Validate an idea with your own experience.
• Make a suggestion.
• Expand on two of your colleagues’ postings.